Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ZUY4Nq2SyY.exe

Overview

General Information

Sample name:ZUY4Nq2SyY.exe
Analysis ID:1632326
MD5:38467719dfb27f6fff6a26b990f9d09e
SHA1:b6193b0921965dbe99f1c7e20cfe41b02a5094bd
SHA256:bbb6421a21af07c3ccf4fd4fa02db284c961cc278fbc549a3c8f347fd8118f69
Infos:

Detection

GuLoader
Score:64
Range:0 - 100
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected GuLoader
Joe Sandbox ML detected suspicious sample
Switches to a custom stack to bypass stack traces
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64native
  • ZUY4Nq2SyY.exe (PID: 10160 cmdline: "C:\Users\user\Desktop\ZUY4Nq2SyY.exe" MD5: 38467719DFB27F6FFF6A26B990F9D09E)
    • ZUY4Nq2SyY.exe (PID: 4276 cmdline: "C:\Users\user\Desktop\ZUY4Nq2SyY.exe" MD5: 38467719DFB27F6FFF6A26B990F9D09E)
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
CloudEyE, GuLoaderCloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
No configs have been found
SourceRuleDescriptionAuthorStrings
00000000.00000002.2383204492.0000000008203000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
    0000001A.00000002.5828876557.00000000049F3000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
      No Sigma rule has matched
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2025-03-07T22:36:40.798799+010020283713Unknown Traffic192.168.11.304972269.192.139.212443TCP
      2025-03-07T22:39:39.355643+010020283713Unknown Traffic192.168.11.304973869.192.139.212443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2025-03-07T22:38:49.081245+010028032702Potentially Bad Traffic192.168.11.3049728142.251.46.238443TCP

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Source: ZUY4Nq2SyY.exeVirustotal: Detection: 68%Perma Link
      Source: ZUY4Nq2SyY.exeReversingLabs: Detection: 52%
      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
      Source: ZUY4Nq2SyY.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: unknownHTTPS traffic detected: 142.251.46.238:443 -> 192.168.11.30:49728 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.189.193:443 -> 192.168.11.30:49729 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.251.46.238:443 -> 192.168.11.30:49743 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.251.46.238:443 -> 192.168.11.30:49751 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.251.46.238:443 -> 192.168.11.30:49757 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.189.193:443 -> 192.168.11.30:49758 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.189.193:443 -> 192.168.11.30:49778 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.251.46.238:443 -> 192.168.11.30:49779 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.251.46.238:443 -> 192.168.11.30:49781 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.189.193:443 -> 192.168.11.30:49782 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.189.193:443 -> 192.168.11.30:49786 version: TLS 1.2
      Source: ZUY4Nq2SyY.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 0_2_00406167 FindFirstFileA,FindClose,0_2_00406167
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 0_2_00405705 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,LdrInitializeThunk,FindNextFileA,FindClose,0_2_00405705
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 0_2_00402688 FindFirstFileA,0_2_00402688
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 26_2_00406167 FindFirstFileA,FindClose,26_2_00406167
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 26_2_00405705 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,LdrInitializeThunk,FindNextFileA,FindClose,26_2_00405705
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 26_2_00402688 FindFirstFileA,26_2_00402688
      Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49738 -> 69.192.139.212:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49722 -> 69.192.139.212:443
      Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.30:49728 -> 142.251.46.238:443
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cacheCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficHTTP traffic detected: GET /download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1
      Source: global trafficDNS traffic detected: DNS query: drive.google.com
      Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIuf_-Nq7CHYwbxECWcp_UWUzQOC1vQ2CsijX1aFKZ_DHVQwF55EgYqKwpEYf9pIBKnK3eKpnrIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:38:50 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-NiHOotEJW56hvomdhwDpCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerSet-Cookie: NID=522=1ZEhX2CacwZUvVBP_oAKw3PyZI_DngnAbHwduik1IXodRQMSRVGt7dMba9_iLYpncClmlNtPxvzrpxyY-CH_Am03LDM0G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5E3Dh-z2NZe0MrlEqrKUFQQcdAfF0yFRq8sQu1; expires=Sat, 06-Sep-2025 21:38:49 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=noneAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIvrmE0Qus7O0d1b5leuc8LFH8C_Px76lI2RDaeRxU3OBiD-gOBxrTy6RwbrNyeBE52Sg8ACPncContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:39:01 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-5A4oR_N332wcPWGiW9gPlA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIvZ0rqOThxoxm364nP7ONvpvG_9pqSVs70DXm7ea5ZUJViRei6RKDKSAdJ4PuhryIYvContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:39:13 GMTContent-Security-Policy: script-src 'nonce-pKq1KFDjOdnlQV6gbqGDqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIsALMVUmMRohwzO26aNmv3oU0yOqwzPc6mo0py-AjNNxZ5BsNPO1oabuIobShKK8FkpContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:39:25 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-XGSk6Rs4UlWdOWLzusXFWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIu0UTFUZpTVVwMzEcklvheIfHJgTHal7jsBVhVe2EvtjdEnCN8I8ncTj8sDkpJkUG3uqm-E3j4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:39:36 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-2MhL9rhU_dH1ZN_9ObAEqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIs9VRAeCzxbjT5Sfwq9SELHmVERDGKHfYWfq7VAVyF10E5XQbmNdKyWlgyygeb4f_rqContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:39:48 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-bmM-UT0vw26gjD7kUucsAA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIsYdspxPe2J6zwki8juhCR4yU2G5DLNhlhJSsqBgraVPC4ZP6hEhHDWzdmbwXw2MEYiContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:40:00 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-lHCzdTbX33YbGhTLhHTD0A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyItgtP4k8Y_2n40RNs_NCQC6L8y8_fEDTiK3livIo2R8m809LMGfr-EOx_ebyoUEBMzJIHGRglAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:40:11 GMTContent-Security-Policy: script-src 'nonce-UJtHsByLVOO85p-5jtPu9A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyItbGSOycca-7FhTt8sDkmBYpJ5ZOw6lqYZ8Y08ur3M_sif2va1AeIkXgFHQJMfVKgOlWY_RxcoContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:40:23 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-PcNMHzsJ4KzWjEbOAO4Rpw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIuubIZtClXmXJSuwDCP2rFWFQAqPduZ1yeI8lTqCBxfUWCrQUdw5rSMsMpptXxW5zuhMPu95nQContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:40:35 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-x9B4suirIcvKPhdRL-pQdw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIvvSIqWm45_008fis-hMI3dShPnOkyzKUVCYAjezFB1rqvPqSSWI1uabwZodq1G26I7Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:40:46 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-8HVj1sMkSXpvEkmGlo3elQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIsIbSppe3ABeQsi9yAF3AqsmuV7iPHfUCqHkdC1nQ7kOWtYsviph7OdIo9O_RJaa2tIuh1V1gkContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:40:58 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-H6eEIm0eiZx57iM1gLpADw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIu8oH7FEAKsRPcL9Y76x-OTraNfezBfTYP40YcUKgkywmt-52LRjVN3nEaBMfnTkOqxContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:41:10 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-SCg6jO2xM9TNNA-Ri2FvGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIvXDP0aJ5Eu0DN826y8086NsCZpJYDtlPhvz2VisQxkjYGL0g1Wh_9k2ZZoxztzJzb3Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:41:21 GMTContent-Security-Policy: script-src 'nonce-paU7hMdjPbUzyTlBntHm-g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIsCupEC-g_nadQufo_A-QyUF9JbpDNXq6DzwkZVS10Wl3K5E-nvjJ5Ce-S2TFHmoevpKTZouDIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:41:33 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-PAhjJLrvR1Tt8LV5WZx7Sw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIvTlGW5kzEMl9YqSr9XcoIei1JScwrxnDY0ieF2f4Q08tLbVT-GTHdhivsS6VEfOdztTeooyqsContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:41:45 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-SpTYRYQB4sznWL30P9bN5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyItCs7w1NWkkvMOWih1ryGQi13WnT2FxTIPlRHDWAGVvRmMN7ouikm4bnITqTMLKydWmContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:41:57 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-l-450PG92Ni0-u37oM6ghA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIs_tJJiILW9lhxqTVPSkTvOhoXg8v1lXPTdW-9x9cndXwtpTqPXlZIanMTMux0PZylsContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:42:08 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-B2GQxC3hHnTSVFeVQxj7Mg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyItlScSjk8EouZZgiQfhuWTuF7jbXt34fFA-oJmgBCUDQnk3l7nhQnsFLKDUqAsXVSVwikWyl4sContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:42:20 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-r7pRBrCjzBti6XaRvcQnzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyItn5jkbJl9mqDkV8Ti_x5Xe3tS2JgFZooM4qUmZSI-11BWigSUAl7EZjrJsZDd6WAIwTb4UlAMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:42:32 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-_bkjHQMhqCYn9_Ylsd4nNg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIuoWPzkENTwTX4HJkJYoUqJhC7k32twdgfcsX5_acbbp1rX1RxveKhwg_gIEXofF-bwContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:42:43 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-VLM33IaPZI6Hv4BYgTVU0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIujJEL5rq7eMOH6Ag-Ra7qkR0zdC-xv5HjIPmHVKwbjjwA7Pz9bS9ntB3j64eOc6gqid_hRBpgContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:42:55 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-uWQilKmHDO7QgcgDNLIeFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIv4oW_5ZuJN8CBAG6R8ZJ1FuSg2HcTtQleV-g2ARI0_X3Zx2Dlpz8FVOqL3j3AEd3FJ4SrFihgContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:43:06 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-f5sLcRdD-c6hftaHwlkgmA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIuISeLu_Zlu7ryZuudzt9LFtUVJq0TXVyH9IjPEsWecM3wOa1oUBg3-8E8GrU7UAsuyGXQVbxwContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:43:18 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-HOknh1R5zfG4A47QAcU5bw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIuRGDrT6yQOl5iSO-8_SFwwydMHQaouHhQol7UP8MXQlKlZEQa0fZDmNzq7RCeaLcI0yWa5TyMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:43:30 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-vADyLIwgMWjTfl7DfgWQAQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIscbUmf60rHANieE-hSiUHQHNhz9TJbTsS8mpqjEPCucUX61WaugPP5OHAeYzP9t_WPyr3AO7wContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:43:42 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-cis_DeJjNsoY7v77eij8IA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIuByd4l1ojn_Aj5PV8V-VXJBaskjmrUmWcbIkRIQJf3XVfSVoqAu6aOET-GIJrodKmXContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:43:53 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-1EdVVNAgDzxBkFQnlTYNfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyIuVLYFOvSx4VyQ3HixOSZwXGYduje3ou8yqn0_n2H-h6JINMwl7_osO2YT5OzQxixYgsC_V1jwContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:44:05 GMTContent-Security-Policy: script-src 'nonce-kjv8ko1JPZz7lMHE60qVeA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AKDAyItoJYOwfD0TLkepJG6fEYZFhPsoz5l2r0iL46cmA6lcc-vKNqkI4YzXodIm2ybALV8pContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 07 Mar 2025 21:44:17 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-ICaoe11Xl9i6AwINFCDkVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.5694456817.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4165714429.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3932379458.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000002.5847438967.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2657048011.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2998548947.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4634848540.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3116010819.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5460762505.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5225706858.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3465213969.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5216958891.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2647176046.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3357267010.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5343497877.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2764958235.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5802267799.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3232402306.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3707826077.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3007651773.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4410197594.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.5694456817.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4165714429.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3932379458.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000002.5847438967.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2657048011.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2998548947.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4634848540.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3116010819.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5460762505.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5225706858.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3465213969.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5216958891.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2647176046.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3357267010.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5343497877.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2764958235.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5802267799.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3232402306.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3707826077.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3007651773.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4410197594.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
      Source: ZUY4Nq2SyY.exe, ZUY4Nq2SyY.exe, 0000001A.00000000.2378670286.0000000000409000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
      Source: ZUY4Nq2SyY.exe, 00000000.00000002.2380837019.0000000000409000.00000004.00000001.01000000.00000003.sdmp, ZUY4Nq2SyY.exe, 00000000.00000000.751530171.0000000000409000.00000008.00000001.01000000.00000003.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000000.2378670286.0000000000409000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3932379458.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4177071559.0000000006E5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.4057980758.0000000006EA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dhttps://drive.usercontent.google.com/download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=d
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.5226143446.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000002.5847048404.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4760088239.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5694456817.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4643946963.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4165714429.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3932379458.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000002.5847438967.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3357465813.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5568914083.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2657048011.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4634848540.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4410434371.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5460762505.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5452081915.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5225706858.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2890989962.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2647176046.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3816105586.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3357267010.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5343497877.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3349039046.0000000006E2B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5452323633.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4751691440.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4285309185.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4992637773.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2882323063.0000000006E2B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4518115096.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5343905530.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5460940326.0000000006E30000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3816251095.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4867820783.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5802436447.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5100561978.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4049231319.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3232565177.0000000006E2B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5694675911.0000000006E30000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3932647220.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000002.5847296457.0000000006E2C000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5685824672.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5217107624.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4166191398.0000000006E2F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3349039046.0000000006E2B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4285309185.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3232565177.0000000006E2B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4166191398.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3699294137.0000000006E2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download8
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3349039046.0000000006E2B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4285309185.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3816251095.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4049231319.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3932647220.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4166191398.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3699294137.0000000006E2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/7xwiduRez_9e_x2BR1Joenpet2dIDE&export=downloads
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.5452323633.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4751691440.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4992637773.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5343905530.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5460940326.0000000006E30000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4867820783.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5802436447.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5100561978.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5694675911.0000000006E30000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000002.5847296457.0000000006E2C000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5685824672.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5217107624.0000000006E2F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/7xwiduRez_9e_x2BR1Joenpet2dIDE&export=downloadt
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3932379458.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2998548947.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5108867370.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5100374166.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4285162179.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/H
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3232402306.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2881823886.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5108867370.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5100374166.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/X
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.2890989962.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2764958235.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3007651773.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3008121527.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2881823886.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3124465023.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3241330467.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2890749827.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2882431192.0000000006EA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/Y
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3590574096.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3699171024.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/ager
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.2764958235.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/cati
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3349039046.0000000006E2B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3232565177.0000000006E2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/ificate
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.4410434371.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4294157064.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4410197594.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4057644742.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4057980758.0000000006EA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/ne
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3241330467.0000000006EA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/ny
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3007651773.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3008121527.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3124465023.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/om
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.5343975959.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3590574096.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5108867370.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3473926707.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3708324106.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4992712197.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4057644742.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5577568933.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4759837561.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5577782140.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4057980758.0000000006EA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/rcontent.google.com/download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=do
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3699171024.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/rx
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3465213969.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2764958235.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2881823886.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3590574096.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3473926707.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3699171024.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4285162179.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/s-cn
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.2890749827.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.2998548947.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3116010819.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3465213969.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3357267010.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3232402306.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3007651773.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3590574096.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3473926707.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3699171024.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3124465023.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE$
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3932379458.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2998548947.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3116010819.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3465213969.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3357267010.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3232402306.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3707826077.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3007651773.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2881823886.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3815989694.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3590574096.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3473926707.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3699171024.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3124465023.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2890749827.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE%
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3932379458.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2657048011.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2998548947.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3116010819.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3465213969.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2647176046.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3357267010.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2764958235.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3232402306.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3707826077.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3007651773.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2881823886.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3815989694.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3590574096.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3473926707.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3699171024.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3124465023.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2890749827.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE(
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.4410197594.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4526992763.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4867685657.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4517941854.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4285162179.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDEBR1Joenpet2dIDE
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.4634848540.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3116010819.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3465213969.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3707826077.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3473926707.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3699171024.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3124465023.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDEBR1Joenpet2dIDEes
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.2998548947.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3007651773.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDEBR1Joenpet2dIDEry
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.5452081915.0000000006E27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDED
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.5694456817.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4165714429.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3932379458.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000002.5847438967.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2657048011.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2998548947.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4634848540.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3116010819.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5460762505.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5225706858.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3465213969.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5216958891.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2647176046.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3357267010.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5343497877.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5802267799.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3232402306.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3707826077.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3007651773.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4410197594.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2881823886.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDEE
      Source: ZUY4Nq2SyY.exe, 0000001A.00000002.5846855554.0000000006DE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDEH
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.2657048011.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2647176046.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDEft
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.2657048011.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2998548947.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3116010819.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2647176046.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2764958235.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3232402306.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3007651773.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2881823886.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3124465023.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2890749827.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDEp
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.4165714429.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3932379458.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2998548947.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3116010819.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3465213969.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3357267010.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2764958235.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3232402306.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3707826077.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3007651773.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2881823886.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3815989694.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3590574096.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3473926707.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3699171024.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4057644742.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3124465023.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2890749827.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDErk1.0
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3816105586.0000000006E27000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4165962268.0000000006E27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDEtD
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.5226143446.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4760088239.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5694456817.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4643946963.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5452323633.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4165714429.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3932379458.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4992637773.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000002.5847438967.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3357465813.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5343905530.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2657048011.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2998548947.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5460940326.0000000006E30000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4634848540.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3116010819.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4410434371.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5460762505.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5802436447.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5100561978.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5225706858.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.4165962268.0000000006E11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/9
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.5217107624.0000000006E2F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/G0oyAl3tRxyjCj74KynG4R1AmX8ZmoRvDxlhEq7Z4kBLtRXMHpxti0TM4MUZaj5
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3816105586.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4165962268.0000000006E11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/a
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.2890749827.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4643868755.0000000006E30000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2657209732.0000000006E5D000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3932379458.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4177071559.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2882431192.0000000006EA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3007651773.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3008121527.0000000006EA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download$
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.5452323633.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4751691440.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4992637773.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4518115096.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5343905530.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5460940326.0000000006E30000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3816251095.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4867820783.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5802436447.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5100561978.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4049231319.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5694675911.0000000006E30000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3932647220.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000002.5847296457.0000000006E2C000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5685824672.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5217107624.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4643868755.0000000006E30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download8
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.2657048011.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2890989962.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2764958235.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2881823886.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2890749827.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2882431192.0000000006EA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=download8C
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3348977690.0000000006E46000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000002.5847438967.0000000006E46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=downloadDD
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3348977690.0000000006E3D000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2882195927.0000000006E3D000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000002.5847438967.0000000006E3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=downloadKD
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3699294137.0000000006E2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=downloadh
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3816105586.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5343497877.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5460973249.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5343975959.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5108867370.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5577568933.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5577782140.0000000006EA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=downloadi
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3349039046.0000000006E2B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5452323633.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4751691440.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4285309185.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4992637773.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4518115096.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5343905530.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5460940326.0000000006E30000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3816251095.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4867820783.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5802436447.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5100561978.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4049231319.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3232565177.0000000006E2B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5694675911.0000000006E30000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3932647220.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000002.5847296457.0000000006E2C000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5685824672.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5217107624.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4166191398.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3699294137.0000000006E2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=downloadid
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.5452323633.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4751691440.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4992637773.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4518115096.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5343905530.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5460940326.0000000006E30000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4867820783.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5802436447.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5100561978.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5694675911.0000000006E30000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000002.5847296457.0000000006E2C000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5685824672.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5217107624.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4643868755.0000000006E30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=downloads
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3349039046.0000000006E2B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4285309185.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4518115096.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3816251095.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4049231319.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3232565177.0000000006E2B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3932647220.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4166191398.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3699294137.0000000006E2B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4643868755.0000000006E30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=downloadt
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.4410434371.0000000006EA2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4410197594.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4526992763.0000000006E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1-n7xwiduRez_9e_x2BR1Joenpet2dIDE&export=downloadz
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3816105586.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4165962268.0000000006E11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/n
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3932379458.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4177071559.0000000006E5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3348977690.0000000006E46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.2647010257.0000000006EB7000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3007651773.0000000006EB7000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3357465813.0000000006EB7000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000002.5847048404.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3349039046.0000000006E2B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2773838440.0000000006EB7000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000002.5847438967.0000000006E5E000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4294157064.0000000006EB2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5568632287.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3124715629.0000000006EB7000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3241097165.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5343975959.0000000006EB2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5108867370.0000000006EB2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4057644742.0000000006EB2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3474198126.0000000006EB7000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2882323063.0000000006E2B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5225706858.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2881823886.0000000006E5E000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5568914083.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5460762505.0000000006EB2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5694456817.0000000006EB2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3932379458.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4177071559.0000000006E5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.4634848540.0000000006E5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com:n
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.5343497877.0000000006E5E000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2890749827.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5225706858.0000000006EB2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5100374166.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3581802280.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3699294137.0000000006E2B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3232402306.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3116010819.0000000006E54000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2890749827.0000000006E67000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3932379458.0000000006E54000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3932379458.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4177071559.0000000006E5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.2647010257.0000000006EB7000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3007651773.0000000006EB7000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3357465813.0000000006EB7000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000002.5847048404.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3349039046.0000000006E2B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2773838440.0000000006EB7000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000002.5847438967.0000000006E5E000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4294157064.0000000006EB2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5568632287.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3124715629.0000000006EB7000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3241097165.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5343975959.0000000006EB2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5108867370.0000000006EB2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4057644742.0000000006EB2000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3474198126.0000000006EB7000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2882323063.0000000006E2B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5225706858.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3348977690.0000000006E46000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.2881823886.0000000006E5E000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5568914083.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5460762505.0000000006EB2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
      Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
      Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
      Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
      Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
      Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
      Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
      Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
      Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
      Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
      Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
      Source: unknownHTTPS traffic detected: 142.251.46.238:443 -> 192.168.11.30:49728 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.189.193:443 -> 192.168.11.30:49729 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.251.46.238:443 -> 192.168.11.30:49743 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.251.46.238:443 -> 192.168.11.30:49751 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.251.46.238:443 -> 192.168.11.30:49757 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.189.193:443 -> 192.168.11.30:49758 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.189.193:443 -> 192.168.11.30:49778 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.251.46.238:443 -> 192.168.11.30:49779 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.251.46.238:443 -> 192.168.11.30:49781 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.189.193:443 -> 192.168.11.30:49782 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.189.193:443 -> 192.168.11.30:49786 version: TLS 1.2
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 0_2_004051BA GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,LdrInitializeThunk,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,LdrInitializeThunk,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,LdrInitializeThunk,ShowWindow,LdrInitializeThunk,LdrInitializeThunk,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,LdrInitializeThunk,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004051BA
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 0_2_0040322B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,LdrInitializeThunk,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess,0_2_0040322B
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 26_2_0040322B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,LdrInitializeThunk,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess,26_2_0040322B
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeFile created: C:\Windows\resources\0409Jump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 0_2_004049F90_2_004049F9
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 0_2_004064AE0_2_004064AE
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 26_2_004049F926_2_004049F9
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 26_2_004064AE26_2_004064AE
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: String function: 00402A3A appears 50 times
      Source: ZUY4Nq2SyY.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: classification engineClassification label: mal64.troj.evad.winEXE@3/15@2/2
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 0_2_0040322B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,LdrInitializeThunk,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess,0_2_0040322B
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 26_2_0040322B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,LdrInitializeThunk,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess,26_2_0040322B
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 0_2_00404486 GetDlgItem,SetWindowTextA,LdrInitializeThunk,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,LdrInitializeThunk,SetDlgItemTextA,0_2_00404486
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 0_2_0040205E LdrInitializeThunk,CoCreateInstance,MultiByteToWideChar,LdrInitializeThunk,LdrInitializeThunk,0_2_0040205E
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeFile created: C:\Users\user\soapleesJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeFile created: C:\Users\user\AppData\Local\Temp\nsjCC2D.tmpJump to behavior
      Source: ZUY4Nq2SyY.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: ZUY4Nq2SyY.exeVirustotal: Detection: 68%
      Source: ZUY4Nq2SyY.exeReversingLabs: Detection: 52%
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeFile read: C:\Users\user\Desktop\ZUY4Nq2SyY.exeJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\ZUY4Nq2SyY.exe "C:\Users\user\Desktop\ZUY4Nq2SyY.exe"
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeProcess created: C:\Users\user\Desktop\ZUY4Nq2SyY.exe "C:\Users\user\Desktop\ZUY4Nq2SyY.exe"
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeProcess created: C:\Users\user\Desktop\ZUY4Nq2SyY.exe "C:\Users\user\Desktop\ZUY4Nq2SyY.exe"Jump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: dwmapi.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: oleacc.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: shfolder.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: riched20.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: usp10.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: msls31.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: textinputframework.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: coreuicomponents.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: coremessaging.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: textshaping.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeFile written: C:\Users\user\soaplees\fenestella\Lambskin\antrotympanitis.iniJump to behavior
      Source: ZUY4Nq2SyY.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

      Data Obfuscation

      barindex
      Source: Yara matchFile source: 00000000.00000002.2383204492.0000000008203000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000001A.00000002.5828876557.00000000049F3000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 0_2_10001A5D LdrInitializeThunk,GlobalAlloc,LdrInitializeThunk,LdrInitializeThunk,lstrcpyA,lstrcpyA,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,lstrcpyA,LdrInitializeThunk,LdrInitializeThunk,GetModuleHandleA,LdrInitializeThunk,LoadLibraryA,GetProcAddress,lstrlenA,0_2_10001A5D
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 0_2_10002D20 push eax; ret 0_2_10002D4E
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeFile created: C:\Users\user\AppData\Local\Temp\nszCDC5.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeFile created: C:\Users\user\AppData\Local\Temp\nszCDC5.tmp\LangDLL.dllJump to dropped file
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      barindex
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeAPI/Special instruction interceptor: Address: 8AA83E1
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeAPI/Special instruction interceptor: Address: 52983E1
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nszCDC5.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nszCDC5.tmp\LangDLL.dllJump to dropped file
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exe TID: 1536Thread sleep time: -30000s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 0_2_00406167 FindFirstFileA,FindClose,0_2_00406167
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 0_2_00405705 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,LdrInitializeThunk,FindNextFileA,FindClose,0_2_00405705
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 0_2_00402688 FindFirstFileA,0_2_00402688
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 26_2_00406167 FindFirstFileA,FindClose,26_2_00406167
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 26_2_00405705 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,LdrInitializeThunk,FindNextFileA,FindClose,26_2_00405705
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 26_2_00402688 FindFirstFileA,26_2_00402688
      Source: ZUY4Nq2SyY.exe, 0000001A.00000002.5847048404.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5568914083.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.5452081915.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.3816105586.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000003.4165962268.0000000006E11000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
      Source: ZUY4Nq2SyY.exe, 0000001A.00000003.3348977690.0000000006E46000.00000004.00000020.00020000.00000000.sdmp, ZUY4Nq2SyY.exe, 0000001A.00000002.5847438967.0000000006E46000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeAPI call chain: ExitProcess graph end nodegraph_0-4271
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeAPI call chain: ExitProcess graph end nodegraph_0-4427
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 0_2_00401E44 WaitForSingleObject,LdrInitializeThunk,WaitForSingleObject,GetExitCodeProcess,CloseHandle,0_2_00401E44
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 0_2_10001A5D LdrInitializeThunk,GlobalAlloc,LdrInitializeThunk,LdrInitializeThunk,lstrcpyA,lstrcpyA,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,lstrcpyA,LdrInitializeThunk,LdrInitializeThunk,GetModuleHandleA,LdrInitializeThunk,LoadLibraryA,GetProcAddress,lstrlenA,0_2_10001A5D
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeProcess created: C:\Users\user\Desktop\ZUY4Nq2SyY.exe "C:\Users\user\Desktop\ZUY4Nq2SyY.exe"Jump to behavior
      Source: C:\Users\user\Desktop\ZUY4Nq2SyY.exeCode function: 0_2_0040322B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,LdrInitializeThunk,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess,0_2_0040322B
      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
      Native API
      1
      DLL Side-Loading
      1
      Access Token Manipulation
      11
      Masquerading
      OS Credential Dumping11
      Security Software Discovery
      Remote Services1
      Archive Collected Data
      11
      Encrypted Channel
      Exfiltration Over Other Network Medium1
      System Shutdown/Reboot
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts11
      Process Injection
      1
      Virtualization/Sandbox Evasion
      LSASS Memory1
      Virtualization/Sandbox Evasion
      Remote Desktop Protocol1
      Clipboard Data
      3
      Ingress Tool Transfer
      Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
      DLL Side-Loading
      1
      Access Token Manipulation
      Security Account Manager3
      File and Directory Discovery
      SMB/Windows Admin SharesData from Network Shared Drive3
      Non-Application Layer Protocol
      Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
      Process Injection
      NTDS13
      System Information Discovery
      Distributed Component Object ModelInput Capture14
      Application Layer Protocol
      Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
      Deobfuscate/Decode Files or Information
      LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
      Obfuscated Files or Information
      Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
      DLL Side-Loading
      DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.